
10.7.2 Failures of critical security control systems are detected, alerted, and addressed promptly, including but not limited to failure of the following critical security control systems: Network security controls.

Requirement Description

Failures of critical security control systems are detected, alerted, and addressed promptly, including but not limited to failure of the following critical security control systems:

- Network security controls.
- IDS/IPS.
- Change-detection mechanisms.
- Anti-malware solutions.
- Physical access controls.
- Logical access controls.
- Audit logging mechanisms.
- Segmentation controls (if used).
- Audit log review mechanisms.
- Automated security testing tools (if used).

Applicability Notes

This requirement applies to all entities, including service providers, and will supersede Requirement 10.7.1 as of 31 March 2025. It includes two additional critical security control systems not in Requirement 10.7.1.

This requirement is a best practice until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.
