Identify and list all bespoke and custom software. Requirement 6.3.2 specifies that in order to manage vulnerabilities and patches, entities are now required to identify and list all of their bespoke and custom software, including any third-party software that has been incorporated into the organization’s bespoke and custom software. The inventory should cover all “payment software components and dependencies, including supported execution platforms or environments, third-party libraries, services, and other required functionalities.”
This along with some other new requirements will be mandated by 2025. Read the article below for more info.