
11.6.1 A change- and tamper-detection mechanism is deployed as follows: To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the security-impacting HTTP headers and the script contents of payment pages as received by the consumer browser.

Requirement Description

A change- and tamper-detection mechanism is deployed as follows:

- To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the security-impacting HTTP headers and the script contents of payment pages as received by the consumer browser.
- The mechanism is configured to evaluate the received HTTP header and payment pages.
- The mechanism functions are performed as follows:
  - At least once weekly, OR
  - Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1).

Applicability Notes

This requirement also applies to entities with a webpage(s) that includes a TPSP’s/payment processor’s embedded payment page/form (for example, one or more inline frames or iframes).

This requirement does not apply to an entity for scripts in a TPSP’s/payment processor’s embedded payment page/form (for example, one or more iframes), where the entity includes a TPSP’s/payment processor’s payment page/form on its webpage. Scripts in the TPSP’s/payment processor’s embedded payment page/form are the responsibility of the TPSP/payment processor to manage in accordance with this requirement.

The intention of this requirement is not that an entity installs software in the systems or browsers of its consumers, but rather that the entity uses techniques such as those described under Examples in the PCI DSS Guidance to prevent and detect unexpected script activities.

This requirement is a best practice until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.
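One way to implement the comparison step this requirement describes, as an added example that is not part of PCI DSS or of this page's source: it reduces a received response to its watched headers and scripts and reports changes, additions and deletions against a baseline. The header watch list, the function names and the sample responses are assumptions, and external scripts are tracked by their `src` and `integrity` attributes rather than by fetched content.

```python
import hashlib
from html.parser import HTMLParser

# Assumed watch list; the requirement text does not enumerate the headers.
WATCHED = ("content-security-policy", "strict-transport-security", "x-frame-options")

class ScriptCollector(HTMLParser):
    """External scripts keyed by src (value: SRI attribute); inline ones by position (value: SHA-256)."""
    def __init__(self):
        super().__init__()
        self.found, self.cur, self.buf, self.n = {}, None, [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.cur, self.buf = dict(attrs), []
    def handle_data(self, data):
        if self.cur is not None:
            self.buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self.cur is not None:
            if self.cur.get("src"):
                self.found["script:" + self.cur["src"]] = self.cur.get("integrity") or ""
            else:
                self.found["inline#%d" % self.n] = hashlib.sha256("".join(self.buf).encode()).hexdigest()
                self.n += 1
            self.cur = None

def snapshot(headers, html):
    """Reduce one received response to a dict of comparable items."""
    items = {"header:" + k.lower(): v.strip()
             for k, v in headers.items() if k.lower() in WATCHED}
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return {**items, **collector.found}

def detect_changes(baseline, current):
    """One alert per changed, added or deleted header or script."""
    alerts = []
    for key in sorted(baseline.keys() | current.keys()):
        if baseline.get(key) != current.get(key):
            kind = "ADDED" if key not in baseline else "DELETED" if key not in current else "CHANGED"
            alerts.append(kind + " " + key)
    return alerts

# Constructed sample responses (not real traffic): approved baseline vs. a later observation.
BASE = snapshot({"Content-Security-Policy": "script-src 'self'", "Strict-Transport-Security": "max-age=600"},
                '<script src="/pay.js"></script><script>init()</script>')
NOW = snapshot({"Content-Security-Policy": "script-src 'self' https://cdn.example"},
               '<script src="/pay.js"></script><script>init(1)</script><script src="https://cdn.example/a.js"></script>')
```

Running `detect_changes(BASE, NOW)` on a schedule that meets the stated frequency, and routing any non-empty result to personnel, covers the alerting part of the requirement.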
