>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

12.5.3Additional requirement for service providers only: Significant changes to organizational structure result in a documented (internal) review of the impact to PCI DSS scope and applicability of controls, with results communicated to executive management.

>Requirement Description

Additional requirement for service providers only: Significant changes to organizational structure result in a documented (internal) review of the impact to PCI DSS scope and applicability of controls, with results communicated to executive management. Applicability Notes This requirement applies only when the entity being assessed is a service provider. This requirement is a best practice until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.

>Cross-Framework Mappings

NIST CSF 2.0

via NIST OLIR Catalog
GV.OV-02
Compare
GV.RM-03
Compare
GV.RM-05
Compare

SCF

TPM-05.5
Compare

Ask AI

Configure your API key to use AI features.