Information supplement requirement 11.3 penetration testing
PCI Requirement 11.3.2 – Penetration Testing
15 Apr General. PCI DSS Requirement addresses penetration testing, which is different from the external and internal vulnerability assessments.
Description: The requirement is further divided into the following sub-requirements:

- Exploitable vulnerabilities identified during testing shall be corrected, and testing shall be repeated to verify the corrections.
- Requirement: Perform network segmentation testing to validate whether segmentation controls and methods are effective and operational.

The major objective of penetration testing is to determine the ways in which a malicious user can achieve unauthorized access to cardholder data. The scope of work in a vulnerability scan is limited to identifying, ranking and reporting vulnerabilities.