Req 6: Develop and Maintain Secure Systems and Applications
Address vulnerabilities and patch systems promptly.
Responsibility: Processor
Compliance Status: At Risk (35%)
Overview
Security must be an integral part of system and application development, not an afterthought. This requirement covers two things: keeping systems patched so that known vulnerabilities cannot be exploited, and building applications with secure coding practices so that new vulnerabilities are not introduced in the first place.
Key Actions for Compliance
A non-exhaustive list of actions your organization should take to meet this requirement.
- Establish a process to identify security vulnerabilities, using reputable outside sources for vulnerability information, and assign each vulnerability a risk ranking (for example, "high" or "critical") so that remediation can be prioritised.
- Install critical security patches within one month of release; other applicable patches should follow within a timeframe defined by your vulnerability-management process.
- Train developers in secure coding techniques, including how to avoid common coding vulnerabilities, and keep the training current.
- For public-facing web applications, address new threats and vulnerabilities on an ongoing basis, either by regularly assessing the applications for vulnerabilities or by putting an automated technical solution (such as a web application firewall) in front of them.
Testing Procedures (Simplified)
How auditors may verify that this requirement is met.
- Examine policies and procedures for vulnerability management and patch installation.
- Review patch management records, comparing each critical patch's release date against its installation date, to verify that critical patches are applied within one month.
- Interview developers to confirm they have received secure coding training.
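The patch-record review above is easy to automate. The following is an added example, not part of the original page or of any particular compliance product: it parses patch-management records, keeps only critical patches, and flags any that were installed more than the SLA window after release or are still pending past that window. The record format (one `key=value` line per patch), the 30-day reading of "one month", and the package names and dates in the sample data are all assumptions made for this illustration.

```python
"""Check patch-management records against the one-month SLA for critical patches.

Added example for illustration. The record format below is an assumption:
one line per patch with package, severity, release date and install date
(or "pending"). The sample records are constructed, not real data.
"""
from datetime import date, datetime

# Assumption: "one month" in the requirement is treated as 30 calendar days.
SLA_DAYS = 30

# Fixed "today" used when evaluating pending patches in the sample run.
AS_OF = date(2024, 3, 15)

# Constructed sample records (hypothetical package names and dates).
SAMPLE_RECORDS = """\
package=openssl  severity=critical released=2024-01-30 installed=2024-02-12
package=nginx    severity=critical released=2024-01-05 installed=2024-03-01
package=libxml2  severity=high     released=2024-02-01 installed=pending
package=kernel   severity=critical released=2024-01-20 installed=pending
package=curl     severity=critical released=2024-02-20 installed=2024-02-25
"""


def parse_record(line):
    """Parse one 'key=value ...' record into a dict with date objects."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    rec = {
        "package": fields["package"],
        "severity": fields["severity"].lower(),
        "released": datetime.strptime(fields["released"], "%Y-%m-%d").date(),
        "installed": None,  # None means the patch has not been installed yet
    }
    if fields["installed"] != "pending":
        rec["installed"] = datetime.strptime(fields["installed"], "%Y-%m-%d").date()
    return rec


def evaluate(records_text, today):
    """Return a list of (package, status, days) for every critical patch.

    status is one of:
      "ok"      - installed within SLA_DAYS of release
      "late"    - installed, but more than SLA_DAYS after release
      "overdue" - still pending and already more than SLA_DAYS since release
      "pending" - still pending but within the SLA window
    days is the release-to-install lag, or the age of a pending patch.
    """
    findings = []
    for line in records_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["severity"] != "critical":
            continue  # the one-month clock applies to critical patches only
        if rec["installed"] is None:
            age = (today - rec["released"]).days
            status = "overdue" if age > SLA_DAYS else "pending"
            findings.append((rec["package"], status, age))
        else:
            lag = (rec["installed"] - rec["released"]).days
            status = "late" if lag > SLA_DAYS else "ok"
            findings.append((rec["package"], status, lag))
    return findings


def sla_violations(records_text, today):
    """Only the findings an auditor would raise: late installs and overdue pending patches."""
    return [f for f in evaluate(records_text, today) if f[1] in ("late", "overdue")]


if __name__ == "__main__":
    for pkg, status, days in evaluate(SAMPLE_RECORDS, AS_OF):
        print(f"{pkg:10} {status:8} {days:3d} days")
```

Run against the constructed sample as of 2024-03-15, the script reports openssl and curl as on time, nginx as installed late (56 days after release), and the kernel patch as overdue (55 days old and still pending); the non-critical libxml2 entry is ignored because the one-month clock does not apply to it. In a real review, feed the same logic the export from your patch-management or configuration-management system and treat any "late" or "overdue" row as evidence to explain to the assessor.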