
5.4.1 Processes and automated mechanisms are in place to detect and protect personnel against phishing attacks.

Requirement Description

Processes and automated mechanisms are in place to detect and protect personnel against phishing attacks.

Applicability Notes

The focus of this requirement is on protecting personnel with access to system components in-scope for PCI DSS.

Meeting this requirement for technical and automated controls to detect and protect personnel against phishing is not the same as Requirement 12.6.3.1 for security awareness training. Meeting this requirement does not also meet the requirement for providing personnel with security awareness training, and vice versa.

This requirement is a best practice until 31 March 2025, after which it will be required and must be fully considered during a PCI DSS assessment.
