Requirement 6.6

For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:

␣ Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes

␣ Installing a web-application firewall in front of public-facing web applications