PCI DSS Requirements 6.1
Requirement 6.1 can be fulfilled by establishing a process to identify security vulnerabilities in your internal and external applications, using reputable outside sources for security vulnerability information, and assigning a risk ranking (for example, `high`, `medium`, or `low`) to newly discovered security vulnerabilities.
PCI DSS Requirements 6.2
To fulfill requirement 6.2, ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
PCI DSS Requirements 11.3.1
Requirement 11.3.1 covers the necessity to conduct external penetration testing at least once every six months and after any significant change or upgrade of the organization's infrastructure or applications.
PCI DSS Requirements 11.3.2
Requirement 11.3.2 includes all the requirements discussed in 11.3.1, but instead of an external pen test, the organization needs to perform internal pen tests. These pen tests are required to be performed at least once every six months.
PCI DSS Requirements 11.3.3
Requirement 11.3.3 states that the vulnerabilities (loopholes) found during the pen tests must be resolved, and that additional testing must be performed until the vulnerabilities are dealt with properly.
PCI DSS Requirements 11.3.4
The goal of requirement 11.3.4 is to verify that the segmentation methods used are effective and operational, and that out-of-scope systems are isolated from the systems in the cardholder data environment.