Open Source PCI-DSS
- Home
- What is PCI-DSS?
- Requirements
- Requirement 1
- Requirement 2
- Requirement 3
- Requirement 4
- Requirement 5
- Requirement 6
- Requirement 7
- Requirement 8
- Requirement 9
- Requirement 10
- Requirement 11
- Requirement 12
Requirement 11.3
Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub- network added to the environment, or a web server added to the environment). These penetration tests must include the following: