top of page
12.11 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
12.11
Requirement 12: Maintain a policy that addresses information security for all personnel
(v3.2.1)
Additional requirement for service providers only: Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures. Reviews must cover the following processes:
• Daily log reviews
• Firewall rule-set reviews
• Applying configuration standards to new systems
• Responding to security alerts
• Change management processes
bottom of page