{"id":176,"date":"2022-08-18T18:42:08","date_gmt":"2022-08-18T16:42:08","guid":{"rendered":"https:\/\/pcihispano.org\/?p=176"},"modified":"2026-05-06T19:17:10","modified_gmt":"2026-05-06T17:17:10","slug":"analisis-de-pci-dss-v4-0-parte-iv-requerimientos-5-y-6","status":"publish","type":"post","link":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-iv-requerimientos-5-y-6\/","title":{"rendered":"Analysis of PCI DSS v4.0 \u2013 Part IV: Requirements 5 and 6"},"content":{"rendered":"<p><span class=\"intro-text\">In this fourth instalment of the series \u201c<a href=\"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/\">Analysis of PCI DSS 4.0<\/a>\u201d a review of the changes in requirements 5 and 6 of the PCI DSS standard between versions 3.2.1 and 4.0 is presented. These two requirements are focused on protection at the software level to prevent, detect and mitigate the exploitation of vulnerabilities in the system components within range.<\/span><\/p>\n<div class=\"su-box su-box-style-glass\" id=\"\" style=\"border-color:#000000;border-radius:5px;max-width:none\"><div class=\"su-box-title\" style=\"background-color:#333333;color:#FFFFFF;border-top-left-radius:3px;border-top-right-radius:3px\">Analysis of PCI DSS v4.0<\/div><div class=\"su-box-content su-u-clearfix su-u-trim\" style=\"border-bottom-left-radius:3px;border-bottom-right-radius:3px\">\n<p>All articles in the series <a href=\"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/\" target=\"_blank\" rel=\"noopener\">Analysis of PCI DSS v4.0<\/a>:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-1-introduccion\/\" rel=\"bookmark\">Analysis of PCI DSS v4.0 \u2013 Part I: Introduction<\/a><\/li>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-ii-requerimientos-1-y-2\/\" rel=\"bookmark\">Analysis of PCI DSS v4.0 \u2013 Part II: Requirements 1 and 2<\/a><\/li>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-iii-requerimientos-3-y-4\/\" rel=\"bookmark\">Analysis of PCI DSS v4.0 \u2013 Part III: Requirements 3 and 4<\/a><\/li>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-iv-requerimientos-5-y-6\/\" rel=\"bookmark\">Analysis of PCI DSS v4.0 \u2013 Part IV: Requirements 5 and 6<\/a><\/li>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-v-requerimientos-7-8-y-9\/\" rel=\"bookmark\">Analysis of PCI DSS v4.0 \u2013 Part V: Requirements 7, 8 and 9<\/a><\/li>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-vi-requerimientos-10-y-11\/\" rel=\"bookmark\">Analysis of PCI DSS v4.0 Part VI: Requirements 10 and 11<\/a><\/li>\n<li><a href=\"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-vii-requerimiento-12\/\" target=\"_blank\" rel=\"noopener\">Analysis of PCI DSS v4.0 \u2013 Part VII: Requirement 12<\/a><\/li>\n<\/ul>\n<\/div><\/div>\n<p>In PCI DSS version 4.0, these requirements were renamed to clarify and expand their scope, addressing some of the restrictions identified in version 3.2.1.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-224\" src=\"https:\/\/i0.wp.com\/pcihispano.com\/wp-content\/uploads\/2022\/08\/Group3.png?resize=900%2C190&#038;ssl=1\" alt=\"\" width=\"900\" height=\"190\" srcset=\"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Group3.png?w=1257&amp;ssl=1 1257w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Group3.png?resize=300%2C63&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Group3.png?resize=1024%2C216&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Group3.png?resize=768%2C162&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Group3.png?resize=500%2C105&amp;ssl=1 500w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h2>Requirement 5: <em>Protect All Systems and Networks from Malicious Software<\/em><\/h2>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-228\" src=\"https:\/\/i0.wp.com\/pcihispano.com\/wp-content\/uploads\/2022\/08\/Req5.png?resize=900%2C87&#038;ssl=1\" alt=\"\" width=\"900\" height=\"87\" srcset=\"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req5.png?w=1255&amp;ssl=1 1255w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req5.png?resize=300%2C29&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req5.png?resize=1024%2C99&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req5.png?resize=768%2C74&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req5.png?resize=500%2C48&amp;ssl=1 500w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p>Since its first version, the PCI DSS standard has included controls for detection, removal, blocking and containment against malicious code (<em>malware<\/em>). However, until version 3.2.1, these controls were generically referred to as \u201cantivirus software\u201d (<em>Anti-virus Software<\/em>), which was incorrect from a strictly technical point of view, since this type of solution not only protects against viruses (as the name implies) but also against other known variants of malicious software (worms (<em>worms<\/em>), Trojans (<em>trojan horses<\/em>), <em>ransomware<\/em>, <em>spyware<\/em>, <em>rootkits, adware, backdoors<\/em>, etc.).<\/p>\n<p>For this reason, <span class=\"highlight\">from version 4.0 of PCI DSS the term \u201c<strong>antimalware<\/strong>\u201d to cover not only viruses but also all other families of malicious code, which is more consistent with the objective of this requirement.<\/span><\/p>\n<div id=\"attachment_225\" style=\"width: 978px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-225\" class=\"wp-image-225\" src=\"https:\/\/i0.wp.com\/pcihispano.com\/wp-content\/uploads\/2022\/08\/antimalware_antivirus.png?resize=900%2C559&#038;ssl=1\" alt=\"\" width=\"900\" height=\"559\" srcset=\"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/antimalware_antivirus.png?w=1060&amp;ssl=1 1060w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/antimalware_antivirus.png?resize=300%2C186&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/antimalware_antivirus.png?resize=1024%2C636&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/antimalware_antivirus.png?resize=768%2C477&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/antimalware_antivirus.png?resize=500%2C310&amp;ssl=1 500w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><p id=\"caption-attachment-225\" class=\"wp-caption-text\">Difference between \"antivirus\" and \"antimalware\"<\/p><\/div>\n<p>Other changes incorporated in this new version of the standard were:<\/p>\n<ul>\n<li>To avoid the ambiguities seen in previous versions of the standard about which operating systems should have an anti-malware solution installed and which should not, a more operational approach has been chosen: the institution should conduct a periodic assessment to determine which system components should require an anti-malware solution. All other assets determined not to be affected by malware must be listed (req. 5.2.3).<\/li>\n<li>Updates to the antimalware solution must be made automatically (req. 5.3.1)<\/li>\n<li>Finally, the term \u201c<strong><u>real-time scanning<\/u><\/strong>\u201d for the anti-malware solution (this is a type of persistent and continuous scanning where security risk analysis is performed every time a file is received, opened, downloaded, copied or modified). Previously, reference was made to the fact that anti-malware mechanisms should be actively implemented (<em>intense running<\/em>), which gave rise to different interpretations.<\/li>\n<li>Incorporated <strong>continuous analysis of the behaviour of systems or processes<\/strong> as a method of scanning the accepted anti-malware solution, as an alternative to traditional periodic scans (programmed and on-demand) and real-time scans <em>(real-time<\/em> u <em>on-access<\/em>) \u2013 Req. 5.3.2.<\/li>\n<li>As for scheduled scans, their periodicity must be configured based on a risk analysis (req. 5.3.2.1).<\/li>\n<li>It incorporates the obligation of the <strong>scanning of removable storage media<\/strong> (Req. 5.3.3).<\/li>\n<li>The retention of the logs of the antimalware solution is aligned to the general criteria of log management (12 months with availability of the last 3 months for immediate analysis - req. 5.3.4).<\/li>\n<li>It incorporates the mandatory use of mechanisms to detect and protect against <strong>phishing attacks <\/strong>(Req. 5.4.1). In this case, the controls to be implemented go beyond the installation of an antimalware agent, involving configurations at the level of email servers (without these servers having to be in range).<\/li>\n<\/ul>\n<h2>Requirement 6: <em>Develop and Maintain Secure Systems and Software<\/em><\/h2>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-226\" src=\"https:\/\/i0.wp.com\/pcihispano.com\/wp-content\/uploads\/2022\/08\/Req6.png?resize=900%2C95&#038;ssl=1\" alt=\"\" width=\"900\" height=\"95\" srcset=\"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req6.png?w=1254&amp;ssl=1 1254w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req6.png?resize=300%2C32&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req6.png?resize=1024%2C109&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req6.png?resize=768%2C81&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/Req6.png?resize=500%2C53&amp;ssl=1 500w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p>Like the vast majority of PCI DSS requirements, requirement 6 was also no stranger to the change in its name, which this time expands its scope to cover not only applications but software in general. In this line, it is clarified that <strong>controls of this requirement apply to all system components<\/strong>, with the exception of section 6.2 which applies only to customised or internally developed software.<\/p>\n<p>The most relevant changes to controls for custom or in-house developed software are:<\/p>\n<ul>\n<li>The order of the controls in the requirement was changed, organizing in section 6.2 the controls for customized or internally developed software, section 6.3 for the management of updates and vulnerabilities, section 6.4 for the protection of web applications with public access and section 6.5 for change management.<\/li>\n<li>Priority was given to the application of security controls in customized or internally developed software to prevent vulnerabilities throughout the phases of the development life cycle.<\/li>\n<li>Details on the content of the <strong>training for developers <\/strong>(Req. 6.2.2):\n<ul>\n<li>Must be performed annually<\/li>\n<li>Must cover the programming languages used<\/li>\n<li>You must incorporate information about the tools used to detect vulnerabilities<\/li>\n<\/ul>\n<\/li>\n<li>As for the <strong>code review<\/strong>, should be carried out in accordance with secure development guidelines, include reviews of existing and emerging vulnerabilities and apply corrections before they are put into production (req. 6.3.2).<\/li>\n<li>Some of the \u201ctraditional\u201d vulnerabilities in software development (SQLi, XSS, CSRF, etc.) were grouped into a single requirement (req. 6.2.4).<\/li>\n<\/ul>\n<p>On the other hand, for the management of security vulnerabilities, the following controls were added\/complemented:<\/p>\n<ul>\n<li>In PCI DSS version 4.0, req. 6.3.3 (former 6.2), <span class=\"highlight\">\"High\" and \"critical\" patches must be installed within the first month after publication.<\/span> In PCI DSS v3.2.1 only the installation of \"critical\" patches was required.<\/li>\n<li>Vulnerability identification should cover not only \u201cbase\u201d software (operating systems, databases, applications, network equipment) but also libraries, compilers, programming languages<\/li>\n<li>The concept of \u201c<strong><u>bug bounty<\/u><\/strong>\u201d as an additional tool for third parties to report vulnerabilities to the institution (req. 6.3.1).<\/li>\n<li>It requires the creation of a <strong>inventory of custom or in-house developed software<\/strong>, including linked components such as libraries, services, <em>frameworks<\/em>, etc. (req. 6.3.2, which will enter into force on 31 March 2025).<\/li>\n<li>As of 31 March 2025, the use of an automated technical tool to detect and prevent web attacks in real time (such as a <em>Web Application Firewall<\/em> \u2013 WAF, for example). The periodic execution of tools for scanning web applications, which was offered as an option for the protection of web applications with public access, will no longer be valid.<\/li>\n<li>Control 6.4.1 (protection of publicly accessible web applications) mentions the technology of <em>Runtime Application Self-Protection<\/em> (RASP) as a complementary tool to <strong><a href=\"https:\/\/www.pcihispano.com\/en\/controles-tecnicos-de-pci-dss-parte-i-waf-web-application-firewall\/\" target=\"_blank\" rel=\"noopener\"><em>Web Application Firewall<\/em> <\/a><\/strong>(WAF).<\/li>\n<li>Finally, many of the criteria that had been presented in the document were incorporated into the standard. <a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/best_practices_securing_ecommerce.pdf\"><em><strong>Information Supplement: Best Practices for Securing E-commerce<\/strong><\/em><\/a>, including <strong>the implementation of technical methods for the protection of scripts on payment pages<\/strong> loaded and executed in the user's browser, including:\n<ul>\n<li>Controls to confirm that each script is authorized<\/li>\n<li>Controls to verify the integrity of each script<\/li>\n<li>An inventory of all scripts used with their related justification.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>This check will be valid from March 31, 2025.<\/p>\n<p>On the other hand, in terms of change management:<\/p>\n<ul>\n<li>The use of real PAN numbers (<em>live PANs<\/em>) in pre-production environments if these environments are included in the CDE and protected in accordance with PCI DSS.<\/li>\n<li>Change management includes changes made to custom or in-house developed software.<\/li>\n<\/ul>\n<p>In the following article of this series, the requirements 7, 8 and 9 of PCI DSS will be analyzed, focused on the management of physical and logical access control to the environment.<\/p>\n<h2>References<\/h2>\n<ul>\n<li>Information Supplement \u2013 Best Practices for Securing E-commerce <a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/best_practices_securing_ecommerce.pdf\">https:\/\/www.pcisecuritystandards.org\/pdfs\/best_practices_securing_ecommerce.pdf<\/a><\/li>\n<li>Defending Against Phishing &amp; Social Engineering Attacks \u2013 A Resource Guide from the PCI Security Standards Council <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI_SSC_Phishing_Resource_Guide_-v06.pdf\">https:\/\/www.pcisecuritystandards.org\/documents\/PCI_SSC_Phishing_Resource_Guide_-v06.pdf<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>This fourth installment of the \u2018PCI DSS 4.0 Analysis\u2019 series presents a review of the changes in requirements 5 and 6 of the PCI DSS standard that occurred between versions 3.2.1 and 4.0. These two requirements are [\u2026]<\/p>","protected":false},"author":2,"featured_media":199,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[7,354],"tags":[8,24,25,33,23,26,27,28,31,32,35,30,34,29],"class_list":["post-176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pci-dss-4-0","category-pcidss","tag-4-0","tag-antimalware","tag-antivirus","tag-desarrollo","tag-malware","tag-phishing","tag-ransomware","tag-realtime","tag-requerimiento-5","tag-requerimiento-6","tag-sdlc","tag-spyware","tag-ssdlc","tag-troyano"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte4b.png?fit=1920%2C1080&ssl=1","jetpack-related-posts":[{"id":98,"url":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-1-introduccion\/","url_meta":{"origin":176,"position":0},"title":"An\u00e1lisis de PCI DSS v4.0 &#8211; Parte I: Introducci\u00f3n","author":"David Acosta","date":"agosto 17, 2022","format":false,"excerpt":"En esta primera parte de esta serie \"An\u00e1lisis de PCI DSS v4.0\" se analizar\u00e1 la historia detr\u00e1s de la versi\u00f3n 4.0 del est\u00e1ndar, las variables que influyeron en su cambio y el proceso de revisi\u00f3n y publicaci\u00f3n asociado. A continuaci\u00f3n, en entregas subsiguientes, se realizar\u00e1 una revisi\u00f3n a los cambios\u2026","rel":"","context":"In &quot;An\u00e1lisis de PCI DSS v4.0&quot;","block_context":{"text":"An\u00e1lisis de PCI DSS v4.0","link":"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte1.png?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte1.png?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte1.png?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte1.png?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte1.png?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":477,"url":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-vii-requerimiento-12\/","url_meta":{"origin":176,"position":1},"title":"An\u00e1lisis de PCI DSS v4.0 \u2013 Parte VII: Requerimiento 12","author":"David Acosta","date":"noviembre 17, 2022","format":false,"excerpt":"En este pen\u00faltimo art\u00edculo de la serie \u201cAn\u00e1lisis de PCI DSS v4.0\u201d se presenta un an\u00e1lisis a los cambios del requerimiento 12 - parte del grupo 6 \u201cMaintain an Information Security Policy\u201d- en la versi\u00f3n 4.0 del est\u00e1ndar PCI DSS. Requerimiento 12: Support Information Security with Organizational Policies and Programs\u2026","rel":"","context":"In &quot;An\u00e1lisis de PCI DSS v4.0&quot;","block_context":{"text":"An\u00e1lisis de PCI DSS v4.0","link":"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/11\/PCIDSS_PartVII.png?fit=1200%2C671&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/11\/PCIDSS_PartVII.png?fit=1200%2C671&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/11\/PCIDSS_PartVII.png?fit=1200%2C671&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/11\/PCIDSS_PartVII.png?fit=1200%2C671&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/11\/PCIDSS_PartVII.png?fit=1200%2C671&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":391,"url":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-vi-requerimientos-10-y-11\/","url_meta":{"origin":176,"position":2},"title":"An\u00e1lisis de PCI DSS v4.0 Parte VI: Requerimientos 10 y 11","author":"David Acosta","date":"septiembre 15, 2022","format":false,"excerpt":"En esta sexta entrega de la serie \u201cAn\u00e1lisis de PCI DSS v4.0\u201d se analizar\u00e1n los requerimientos 10 y 11 del est\u00e1ndar PCI DSS v4.0. Estos requerimientos hacen parte del grupo 5. Regularly Monitor and Test Networks, que continua con el mismo nombre de la versi\u00f3n 3.2.1 del est\u00e1ndar. El objetivo\u2026","rel":"","context":"In &quot;An\u00e1lisis de PCI DSS v4.0&quot;","block_context":{"text":"An\u00e1lisis de PCI DSS v4.0","link":"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/09\/Parte6.png?fit=1200%2C672&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/09\/Parte6.png?fit=1200%2C672&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/09\/Parte6.png?fit=1200%2C672&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/09\/Parte6.png?fit=1200%2C672&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/09\/Parte6.png?fit=1200%2C672&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":157,"url":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-ii-requerimientos-1-y-2\/","url_meta":{"origin":176,"position":3},"title":"An\u00e1lisis de PCI DSS v4.0 \u2013 Parte II: Requerimientos 1 y 2","author":"David Acosta","date":"agosto 18, 2022","format":false,"excerpt":"En esta segunda parte de la serie \u201cAn\u00e1lisis de PCI DSS v4.0\u201d se realizar\u00e1 una revisi\u00f3n a los requerimientos 1 y 2 del est\u00e1ndar, que hacen parte del grupo \u201cBuild and Maintain a Secure Network and Systems\u201d, orientados al control del tr\u00e1fico de red entrante y saliente del entorno y\u2026","rel":"","context":"In &quot;An\u00e1lisis de PCI DSS v4.0&quot;","block_context":{"text":"An\u00e1lisis de PCI DSS v4.0","link":"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte2.png?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte2.png?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte2.png?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte2.png?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte2.png?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":173,"url":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-iii-requerimientos-3-y-4\/","url_meta":{"origin":176,"position":4},"title":"An\u00e1lisis de PCI DSS v4.0 \u2013 Parte III: Requerimientos 3 y 4","author":"David Acosta","date":"agosto 18, 2022","format":false,"excerpt":"Continuando con el an\u00e1lisis a la versi\u00f3n 4.0 del est\u00e1ndar PCI DSS, en esta tercera parte de la serie se analizar\u00e1n los requerimientos 3 y 4 que hacen parte del grupo \u201cProtect Account Data\u201d, enfocados a la protecci\u00f3n de la confidencialidad y la integridad de los datos de tarjetas de\u2026","rel":"","context":"In &quot;An\u00e1lisis de PCI DSS v4.0&quot;","block_context":{"text":"An\u00e1lisis de PCI DSS v4.0","link":"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte3.png?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte3.png?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte3.png?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte3.png?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte3.png?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":179,"url":"https:\/\/www.pcihispano.com\/en\/analisis-de-pci-dss-v4-0-parte-v-requerimientos-7-8-y-9\/","url_meta":{"origin":176,"position":5},"title":"An\u00e1lisis de PCI DSS v4.0 \u2013 Parte V: Requerimientos 7, 8 y 9","author":"David Acosta","date":"agosto 18, 2022","format":false,"excerpt":"En esta quinta entrega de la serie \u201cAn\u00e1lisis de PCI DSS v4.0\u201d se analizar\u00e1n los cambios aplicados a los requerimientos 7, 8 y 9 del est\u00e1ndar en su nueva versi\u00f3n (4.0). Estos requerimientos \u2013 que hacen parte del grupo 4 \u201cImplement Strong Access Control Measures\u201d \u2013 est\u00e1n orientados hacia la\u2026","rel":"","context":"In &quot;An\u00e1lisis de PCI DSS v4.0&quot;","block_context":{"text":"An\u00e1lisis de PCI DSS v4.0","link":"https:\/\/www.pcihispano.com\/en\/category\/pci-dss-4-0\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte5.png?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte5.png?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte5.png?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte5.png?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.pcihispano.com\/wp-content\/uploads\/2022\/08\/parte5.png?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/posts\/176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/comments?post=176"}],"version-history":[{"count":1,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/posts\/176\/revisions"}],"predecessor-version":[{"id":11749,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/posts\/176\/revisions\/11749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/media\/199"}],"wp:attachment":[{"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/media?parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/categories?post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pcihispano.com\/en\/wp-json\/wp\/v2\/tags?post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}