Product Documentation

Requirement 6: Develop and Maintain Secure Systems and Applications

Change control procedures must include the following:

PCI DSS Requirement

How SAKA Meets this Requirement

6.4.5.1—Documentation of impact

For the impact on PANs, this requirement must be fulfilled by customer sites.

StrongKey evaluates the potential impact of changes to SAKA components to ensure that the security of the appliance is not compromised.

6.4.5.2—Documented change approval by authorized parties

For changes to system components in the customer's infrastructure, this requirement must be fulfilled by customers.

Any changes to SAKA components are always signed off by StrongKey management before implementation.

6.4.5.3—Functionality testing to verify that the change does not adversely impact the security of the system

For customer infrastructure, this requirement must be fulfilled by customers.

All changes to SAKA components are tested before release to customers.

6.4.5.4—Back-out procedures

For customer infrastructure, this requirement must be fulfilled by customers.

SAKA software is maintained in a software repository protected by strong authentication. Any change that jeopardizes the integrity of the SAKA appliance can be backed out to a previous release at any time.