12.3.1—For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented and includes: Identification of the assets being protected.
>Requirement Description
For each PCI DSS requirement that specifies completion of a targeted risk analysis, the analysis is documented and includes:

- Identification of the assets being protected.
- Identification of the threat(s) that the requirement is protecting against.
- Identification of factors that contribute to the likelihood and/or impact of a threat being realized.
- Resulting analysis that determines, and includes justification for, how the frequency or processes defined by the entity to meet the requirement minimize the likelihood and/or impact of the threat being realized.
- Review of each targeted risk analysis at least once every 12 months to determine whether the results are still valid or if an updated risk analysis is needed.
- Performance of updated risk analyses when needed, as determined by the annual review.

Applicability Notes

This requirement is a best practice until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.
>Cross-Framework Mappings