UnveilScan

PCI-DSS 4.0

Payment Card Industry Data Security Standard v4.0. Mandatory for any organisation that stores, processes or transmits cardholder data.

22 controls mapped to UnveilScan findings · 66 total finding-to-control links

2.2.1 Configure system security parameters · 1 finding
3.2 Do not store sensitive data unnecessarily · 1 finding
3.3.1 Sensitive authentication data not stored · 1 finding
3.4 Render PAN unreadable · 1 finding
3.5 PAN protection / backups · 2 findings
3.5.1 Protect cryptographic keys · 1 finding
4.1 Strong cryptography for transmission · 2 findings
4.2.1 Strong cryptography and security protocols · 20 findings
4.2.1.1 Legacy TLS versions prohibited · 3 findings
6.2.2 Bespoke and custom software security · 2 findings
6.2.4 Common coding vulnerabilities · 2 findings
6.3.3 Vulnerabilities are addressed and patches applied · 5 findings
6.4.1 Attacks from web-based threats · 2 findings
6.4.2 Controls to protect applications · 4 findings
6.4.3 Client-side tampering · 9 findings
6.5.1 Secure coding training · 1 finding
6.5.5 Improper error handling · 1 finding
6.5.x Common coding vulnerabilities · 1 finding
7.2.1 Access to system components · 1 finding
8.3 Authentication method · 1 finding
10.2.1 Audit logs · 3 findings
12.10.1 Incident response · 2 findings