PCI DSS Requirement 11.3.4 - A Penetration Testers Viewpoint
Mike Weber VP, Coalfire Labs
Are you currently following PCI DSS v2.0 requirements for penetration testing? If so, time is running out for you to get to PCI DSS v3.0 standards; PCI DSS Requirement 11.3 is a best practice until June 30th,2015, after which, it will become a mandatory to perform penetration tests to the v3.0 standard. Requirement 11.3.4, one of the major phased requirements of PCI DSS v3.0; it mandates that if segmentation is used in your environment to reduce scope, penetration tests must verify that the segmentation methods are “operational and effective and isolate all out-of-scope systems from in-scope systems.”
In this webinar, you will get a network penetration tester’s viewpoint of Requirement 11.3.4. You will learn what the purpose behind testing segmentation controls, which segmentation boundaries need to be tested and which do not, how much effort it takes, as well as some of the methodologies used when testing segmentation boundaries.
This archived webinar requires registration. Please fill out the form to receive access.