#### Note 2-TRA for Flexible Activity Frequency - **Date:** November 2023 - **Concept:** TRA for Defining Frequency of Activities - **Details:** - Applicable to PCI DSS requirements offering flexibility in control frequency (e.g., [[12.3.1 requirement guidance|Requirement 12.3.1]]). - Entities analyze risks to determine appropriate control frequencies. - Focuses on assets and threats, considering various risk factors. - **References:** PCI DSS v4.x Sample Template: Targeted Risk Analysis for Activity Frequency, PCI SSC Document Library.