Description
PCI DSS 4.0
Owning organization
Validating JSON schema
License
Creative Commons Zero v1.0 Universal

Definition of the object
{
    "authors": [
        "Jeremy Dannenmuller"
    ],
    "label": "PCI DSS 4.0",
    "language": "EN",
    "refs": "https://listings.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf",
    "uuid": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
    "values": [
        {
            "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.",
            "code": "5.4",
            "label": "5.4 Anti-phishing mechanisms protect users against phishing attacks.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "033ed95f-0444-4200-a229-d36ba8d320ac"
        },
        {
            "category": "Requirement 11: Test Security of Systems and Networks Regularly.",
            "code": "11.1",
            "label": "11.1 Processes and mechanisms for regularly testing security of systems and networks are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "042cc126-c21a-42c2-a003-fe0184ddbfec"
        },
        {
            "category": "Requirement 6: Develop and Maintain Secure Systems and Software.",
            "code": "6.4",
            "label": "6.4 Public-facing web applications are protected against attacks.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "046b9fca-955e-4d7f-bfca-ae6a0cf92f01"
        },
        {
            "category": "Requirement 1: Install and maintain Network Security Controls",
            "code": "1.1",
            "label": "1.1 Processes and mechanisms for installing and maintaining network security controls are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "09262d8f-9fa8-48bc-90a6-b5dd76f6f5a6"
        },
        {
            "category": "Requirement 1: Install and maintain Network Security Controls",
            "code": "1.3",
            "label": "1.3 Network access to and from the cardholder data environment is restricted.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "0a26e736-1827-4572-9165-617b4d4a5edd"
        },
        {
            "category": "Requirement 2: Apply Secure Configurations to All System Components.",
            "code": "2.2",
            "label": "2.2 System components are configured and managed securely.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "109bd9fe-1bbd-45f0-91da-27758cfacb1f"
        },
        {
            "category": "A2 - Additional PCI DSS Requirements for Entities Using SSL/Early TLS for Card-Present POS POI Terminal Connections",
            "code": "A.2.1",
            "label": "A2.1 POI terminals using SSL and/or early TLS are confirmed as not susceptible to known SSL/TLS exploits.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "11bd5603-6d95-45b2-b166-2977810e693b"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.2",
            "label": "3.2 Storage of account data is kept to a minimum.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "13643f1d-5127-4338-8747-b9b1a5153553"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.2",
            "label": "10.2 Audit logs are implemented to support the detection of anomalies and suspicious activity. and the forensic analysis of events.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "1570bd71-c8bd-4839-a833-20a4d9c78c19"
        },
        {
            "category": "Requirement 6: Develop and Maintain Secure Systems and Software.",
            "code": "6.2",
            "label": "6.2 Bespoke and custom software are developed securely.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "166b54f6-039c-47ee-b53c-a4c441054ef3"
        },
        {
            "category": "Requirement 11: Test Security of Systems and Networks Regularly.",
            "code": "11.2",
            "label": "11.2 Wireless access points are identified and monitored. and unauthorized wireless access points are addressed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "198e86b1-88fd-4ca2-920b-abe3188d2161"
        },
        {
            "category": "Requirement 9: Restrict Physical Access to Cardholder Data.",
            "code": "9.2",
            "label": "9.2 Physical access controls manage entry into facilities and systems containing cardholder data.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "29116643-2936-45ae-b095-c32472c5c5fc"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.1",
            "label": "10.1 Processes and mechanisms for logging and monitoring all access to system components and cardholder data are defined and documented.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "291753d9-bdb7-4284-82cd-86639dd5051c"
        },
        {
            "category": "Requirement 8: Identify Users and Authenticate Access to System Components.",
            "code": "8.4",
            "label": "8.4 Multi-factor authentication (MFA) is implemented to secure access into the CDE",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "2b3ceaf1-acd1-4a25-9920-9365a0edecc6"
        },
        {
            "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.",
            "code": "5.2",
            "label": "5.2 Malicious software (malware) is prevented. or detected and addressed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "367f079c-235c-415f-acfa-cfc8fcbf57e3"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.6",
            "label": "3.6 Cryptographic keys used to protect stored account data are secured.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "36db6005-d2cc-4406-a441-71cf2918935a"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.7",
            "label": "12.7 Personnel are screened to reduce risks from insider threats.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "37e791d6-5a76-4bf6-a8dc-ed2951acca43"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.5",
            "label": "12.5 PCI DSS scope is documented and validated.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "382b37cb-0b20-4d93-8297-156cbb7a0257"
        },
        {
            "category": "Requirement 9: Restrict Physical Access to Cardholder Data.",
            "code": "9.4",
            "label": "9.4 Media with cardholder data is securely stored. accessed. distributed. and destroyed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "3b9336b9-d7b6-4ea6-bcba-920f9a6ced43"
        },
        {
            "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.",
            "code": "4.2",
            "label": "4.2 PAN is protected with strong cryptography during transmission",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "3b988763-bff2-4cee-b1b2-5cea61e9dcf8"
        },
        {
            "category": "Requirement 11: Test Security of Systems and Networks Regularly.",
            "code": "11.5",
            "label": "11.5 Network intrusions and unexpected file changes are detected and responded to.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "3d7419df-8a0b-4ec0-902f-89f90e77bdc1"
        },
        {
            "category": "Requirement 6: Develop and Maintain Secure Systems and Software.",
            "code": "6.5",
            "label": "6.5 Changes to all system components are managed securely.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "435fad54-ccb7-4f4f-b8fe-5b75af1bf4ea"
        },
        {
            "category": "A3 - Designated Entities Supplemental Validation (DESV)",
            "code": "A3.3",
            "label": "A3.3 PCI DSS is incorporated into business-as-usual (BAU) activities.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "438c70bf-7e0c-477d-97ae-31578185da58"
        },
        {
            "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.",
            "code": "7.1",
            "label": "7.1 Processes and mechanisms for restricting access to system components and cardholder data by business need to know are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "43ec094e-fe4c-4355-b4f4-5e7281016cec"
        },
        {
            "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.",
            "code": "5.1",
            "label": "5.1 Processes and mechanisms for protecting all systems and networks from malicious software are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "471b054e-61a2-4a72-830b-13843ed09146"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.1",
            "label": "12.1 A comprehensive information security policy that governs and provides direction for protection of the entity’s information assets is known and current.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "478a985a-4bad-42a5-b34e-45d5db543d63"
        },
        {
            "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss",
            "code": "A1.1",
            "label": "A1.1 Multi-tenant service providers protect and separate all customer environments and data.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "49c69882-50a8-4bb7-b56a-e9471d7943d1"
        },
        {
            "category": "Requirement 8: Identify Users and Authenticate Access to System Components.",
            "code": "8.1",
            "label": "8.1 Processes and mechanisms for identifying users and authenticating access to system components are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "4c8a94b0-1f2c-4a10-a279-6ee20397543e"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.4",
            "label": "10.4 Audit logs are reviewed to identify anomalies or suspicious activity.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "536ee90b-6041-4e7f-b445-0fde74e24338"
        },
        {
            "category": "A3 - Designated Entities Supplemental Validation (DESV)",
            "code": "A3.1",
            "label": "A3.1 A PCI DSS compliance program is implemented.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "5b43004f-9e3d-42f3-a321-f482d68ff54d"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.9",
            "label": "12.9 Third-party service providers (TPSPs) support their customers’ PCI DSS compliance.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "5bf20465-8283-4b0f-82fa-ff2fa4f5b6e8"
        },
        {
            "category": "Requirement 1: Install and maintain Network Security Controls",
            "code": "1.4",
            "label": "1.4 Network connections between trusted and untrusted networks are controlled.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "5d8988d4-09b2-416d-b58a-970597fc4397"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.1",
            "label": "3.1 Processes and mechanisms for protecting stored account data are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "6ad4ac2b-74e8-4ff2-9d39-f6becb2e124f"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.6",
            "label": "10.6 Time-synchronization mechanisms support consistent time settings across all systems.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "6eca23a9-8def-4bd9-8ece-b0666a2f4368"
        },
        {
            "category": "Requirement 2: Apply Secure Configurations to All System Components.",
            "code": "2.1",
            "label": "2.1 Processes and mechanisms for applying secure configurations to all system components are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "6f8d5129-c4df-49d4-9728-05d78632814b"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.6",
            "label": "12.6 Security awareness education is an ongoing activity.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "71787501-c169-411d-9778-e2cfc5e5736b"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.7",
            "label": "3.7 Where cryptography is used to protect stored account data. key management processes and procedures covering all aspects of the key lifecycle are defined and implemented.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "842b0d6d-2577-4ab4-9b8f-c19679c8d473"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.7",
            "label": "10.7 Failures of critical security control systems are detected. reported. and responded to promptly.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "8500ef96-773c-4616-b5c8-62145ef3def8"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.3",
            "label": "12.3 Risks to the cardholder data environment are formally identified. evaluated. and managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "8553ef88-3cf6-419d-951b-60d9f0bfa59e"
        },
        {
            "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.",
            "code": "7.2",
            "label": "7.2 Access to system components and data is appropriately defined and assigned.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "898f18b0-f44b-4417-be6a-ce77e4291870"
        },
        {
            "category": "Requirement 9: Restrict Physical Access to Cardholder Data.",
            "code": "9.1",
            "label": "9.1 Processes and mechanisms for restricting physical access to cardholder data are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "8ecf814d-8ead-4774-aa4c-9a0f447de93e"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.5",
            "label": "10.5 Audit log history is retained and available for analysis.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "91456cd4-47b4-49a8-9ac7-e10c94deb909"
        },
        {
            "category": "Requirement 10: Log and Monitor All Access to System Components and Cardholder Data.",
            "code": "10.3",
            "label": "10.3 Audit logs are protected from destruction and unauthorized modifications.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "9545f6f7-1959-4972-828e-c002fb7c5e3f"
        },
        {
            "category": "Requirement 7: Restrict Access to System Components and Cardholder Data by Business Need to Know.",
            "code": "7.3",
            "label": "7.3 Access to system components and data is managed via an access control system(s).",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "9bd5a560-6770-4620-8a87-3df344593a05"
        },
        {
            "category": "Requirement 11: Test Security of Systems and Networks Regularly.",
            "code": "11.6",
            "label": "11.6 Unauthorized changes on payment pages are detected and responded to.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "9e9b1e73-bb3f-4dac-b85e-51b0a28a746a"
        },
        {
            "category": "Requirement 8: Identify Users and Authenticate Access to System Components.",
            "code": "8.6",
            "label": "8.6 Use of application and system accounts and associated authentication factors is strictly managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "9f0dec80-eec7-49a8-bbbd-9d1af3c3bd47"
        },
        {
            "category": "Requirement 8: Identify Users and Authenticate Access to System Components.",
            "code": "8.2",
            "label": "8.2 User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "a77319f3-1eec-4789-8756-b2df9270901b"
        },
        {
            "category": "Requirement 2: Apply Secure Configurations to All System Components.",
            "code": "2.3",
            "label": "2.3 Wireless environments are configured and managed securely.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "aa8d0ac1-cb2a-4e0f-bcaa-d2763497f676"
        },
        {
            "category": "Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open. Public Networks.",
            "code": "4.1",
            "label": "4.1 Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open. public networks are defined and documented.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "af758496-f659-442b-be1a-cd11dbc05de8"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.4",
            "label": "3.4 Access to displays of full PAN and ability to copy cardholder data are restricted.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "b0a9f97c-0ecc-4ebf-865e-2a7efdb3b52b"
        },
        {
            "category": "Requirement 11: Test Security of Systems and Networks Regularly.",
            "code": "11.3",
            "label": "11.3 External and internal vulnerabilities are regularly identified. prioritized. and addressed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "b1d5619d-525a-4bc9-9919-4a16efb68f81"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.3",
            "label": "3.3 Sensitive authentication data (SAD) is not stored after authorization.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "b8b5e383-cb55-43fc-b3ea-9a89b4e0ab10"
        },
        {
            "category": "A3 - Designated Entities Supplemental Validation (DESV)",
            "code": "A3.4",
            "label": "A3.4 Logical access to the cardholder data environment is controlled and managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "be27bba6-21a1-416b-8258-cb9c232dc471"
        },
        {
            "category": "Requirement 8: Identify Users and Authenticate Access to System Components.",
            "code": "8.3",
            "label": "8.3 Strong authentication for users and administrators is established and managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "be64acf7-9530-4008-84d0-3a47086c9c27"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.10",
            "label": "12.10 Suspected and confirmed security incidents that could impact the CDE are responded to immediately.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "be9c173b-84c8-4b07-a71c-be8b1a44da6d"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.8",
            "label": "12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "be9d8fae-7af6-4555-812c-c587b43a8c2a"
        },
        {
            "category": "Requirement 6: Develop and Maintain Secure Systems and Software.",
            "code": "6.1",
            "label": "6.1 Processes and mechanisms for developing and maintaining secure systems and software are defined and understood.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "c059d4de-2980-46c8-bb74-b68b9e1053e4"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.4",
            "label": "12.4 PCI DSS compliance is managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "ca690618-be96-4a4b-ae7e-b55ad2c50241"
        },
        {
            "category": "Requirement 8: Identify Users and Authenticate Access to System Components.",
            "code": "8.5",
            "label": "8.5 Multi-factor authentication (MFA) systems are configured to prevent misuse.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "ca745f8a-b78a-4031-b669-9f80f3aca137"
        },
        {
            "category": "Requirement 11: Test Security of Systems and Networks Regularly.",
            "code": "11.4",
            "label": "11.4 External and internal penetration testing is regularly performed. and exploitable vulnerabilities and security weaknesses are corrected.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "ce87911e-ef45-44ec-8584-b63dbb0d3b10"
        },
        {
            "category": "Requirement 6: Develop and Maintain Secure Systems and Software.",
            "code": "6.3",
            "label": "6.3 Security vulnerabilities are identified and addressed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "d33fbe7b-ca98-4cd7-805c-c25d2f54196d"
        },
        {
            "category": "Requirement 5: Protect All Systems and Networks from Malicious Software.",
            "code": "5.3",
            "label": "5.3 Anti-malware mechanisms and processes are active. maintained. and monitored.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "de7526f0-bfdf-46a0-b6cd-bea9fb3ad41f"
        },
        {
            "category": "Requirement 1: Install and maintain Network Security Controls",
            "code": "1.2",
            "label": "1.2 Network security controls (NSCs) are configured and maintained.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "df9c7366-838e-4107-951b-b7e1c8cfe80b"
        },
        {
            "category": "A3 - Designated Entities Supplemental Validation (DESV)",
            "code": "A3.2",
            "label": "A3.2 PCI DSS scope is documented and validated.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "e1da88c4-6a4b-4e80-a8e8-1927bfb3f985"
        },
        {
            "category": "Requirement 12: Support Information Security with Organizational Policies and Programs",
            "code": "12.2",
            "label": "12.2 Acceptable use policies for end-user technologies are defined and implemented.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "e3c4b267-059e-4591-8e66-d8241bdeb589"
        },
        {
            "category": "Requirement 3: Protect Stored Account Data.",
            "code": "3.5",
            "label": "3.5 Primary account number (PAN) is secured wherever it is stored.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "e69ac6c5-0858-4bc1-813c-6b58b7f26add"
        },
        {
            "category": "A1 - Additional PCI DSS Requirements for Multi-Tenant Service Providerss",
            "code": "A1.2",
            "label": "A1.2 Multi-tenant service providers facilitate logging and incident response for all customers.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "e8e297ed-23f7-4903-be2d-0726a26031cd"
        },
        {
            "category": "Requirement 9: Restrict Physical Access to Cardholder Data.",
            "code": "9.5",
            "label": "9.5 Point of interaction (POI) devices are protected from tampering and unauthorized substitution.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "ec550cfe-4f7e-4b0c-91ee-7ed3846db76a"
        },
        {
            "category": "Requirement 1: Install and maintain Network Security Controls",
            "code": "1.5",
            "label": "1.5 Risks to the CDE from computing devices that are able to connect to both untrusted networks and the CDE are mitigated.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "efdaa881-863d-470a-b6fb-32b32a671145"
        },
        {
            "category": "Requirement 9: Restrict Physical Access to Cardholder Data.",
            "code": "9.3",
            "label": "9.3 Physical access for personnel and visitors is authorized and managed.",
            "referential": "17e0d3f8-4808-4413-94ff-2cd2a217590e",
            "referential_label": "PCI DSS 4.0",
            "uuid": "fa1e1209-7b93-43e9-bace-461cbcf0f639"
        }
    ],
    "version": 1
}