Source: www.isaca.org
PCI DSS v3.0 seems to be getting really fussy about penetration testing, systems inventory. After all it is the QSA who decides if they accept the evidence, and i have found some QSA’s to be more diligent than others.
See on Scoop.it – Security, Compliance, & Privacy