6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed. Install relevant security patches within one month of release.

The latest version of EFT Server is always available at http://www.globalscape.com/support/eft.aspx.

6.2 Establish a process to identify newly discovered security vulnerabilities.

GlobalSCAPE notifies its customers via e-mail if a security vulnerability or exploit patch is available for download.

6.3 - 6.3.7 Develop software applications based on industry best practices and incorporate information security throughout the software development life cycle.

This requirement and sub-requirements relate to your company's policies and procedures for deploying applications and patches from testing through production. However, EFT Server meets the "incorporate information security" requirement by the use of PCI DSS security messages in our product (e.g. in accordance with PCI DSS, affecting authentication and password management, transport management, auditing, etc.).

6.4 Follow change control procedures for all changes to system components.

Not a function of EFT Server; depends on your company's policies.

6.4.4 Back-out procedures

Always back-up EFT Server’s configuration data for disaster recovery and change-control best practices. Refer to Backing Up or Restoring Server Configuration for details of using the Backup and Restore wizard.

6.5 - 6.5.9 Develop all web applications based on secure coding guidelines, such as Open Web Application Security Project Guidelines. Review custom application code to identify coding vulnerabilities. Cover prevention of common coding vulnerabilities in software development processes.

EFT Server is constantly evaluated and tested for security vulnerabilities and exploits. Any problems found are immediately remediated and communicated to our customers.