10.7.3—Failures of any critical security control systems are responded to promptly, including but not limited to: Restoring security functions.
>Requirement Description
Failures of any critical security control systems are responded to promptly, including but not limited to:
- Restoring security functions.
- Identifying and documenting the duration (date and time from start to end) of the security failure.
- Identifying and documenting the cause(s) of failure, and documenting required remediation.
- Identifying and addressing any security issues that arose during the failure.
- Determining whether further actions are required as a result of the security failure.
- Implementing controls to prevent the cause of failure from reoccurring.
- Resuming monitoring of security controls.
>Applicability Notes
This requirement applies only when the entity being assessed is a service provider, until the 31 March 2025, after which this requirement will apply to all entities. This is a current v3.2.1 requirement that applies to service providers only. However, this requirement is a best practice for all other entities until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.
>Cross-Framework Mappings