Куда я попал?
FDA 21 CFR part 11 (EN)
Стандарт
Sec. 11.300 p. 1 sp. c
Для проведения оценки соответствия по документу войдите в систему.
Список требований
Похожие требования
Framework № PCI DSS 4.0 от 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 2.3.2
2.3.2
Defined Approach Requirements:
For wireless environments connected to the CDE or transmitting account data, wireless encryption keys are changed as follows:
Defined Approach Requirements:
For wireless environments connected to the CDE or transmitting account data, wireless encryption keys are changed as follows:
- Whenever personnel with knowledge of the key leave the company or the role for which the knowledge was necessary.
- Whenever a key is suspected of or known to be compromised.
Customized Approach Objective:
Knowledge of wireless encryption keys cannot allow unauthorized access to wireless networks.
Defined Approach Testing Procedures:
Knowledge of wireless encryption keys cannot allow unauthorized access to wireless networks.
Defined Approach Testing Procedures:
- 2.3.2 Interview responsible personnel and examine key-management documentation to verify that wireless encryption keys are changed in accordance with all elements specified in this requirement
Purpose:
Changing wireless encryption keys whenever someone with knowledge of the key leaves the organization or moves to a role that no longer requires knowledge of the key, helps keep knowledge of keys limited to only those with a business need to know.
Also, changing wireless encryption keys whenever a key is suspected or known to be comprised makes a wireless network more resistant to compromise.
Good Practice:
This goal can be accomplished in multiple ways, including periodic changes of keys, changing keys via a defined “joiners-movers-leavers” (JML) process, implementing additional technical controls, and not using fixed pre-shared keys.
In addition, any keys that are known to be, or suspected of being, compromised should be managed in accordance with the entity’s incident response plan at Requirement 12.10.1.
Changing wireless encryption keys whenever someone with knowledge of the key leaves the organization or moves to a role that no longer requires knowledge of the key, helps keep knowledge of keys limited to only those with a business need to know.
Also, changing wireless encryption keys whenever a key is suspected or known to be comprised makes a wireless network more resistant to compromise.
Good Practice:
This goal can be accomplished in multiple ways, including periodic changes of keys, changing keys via a defined “joiners-movers-leavers” (JML) process, implementing additional technical controls, and not using fixed pre-shared keys.
In addition, any keys that are known to be, or suspected of being, compromised should be managed in accordance with the entity’s incident response plan at Requirement 12.10.1.
FDA 21 CFR part 11 (RU):
Sec. 11.300 p. 1 sp. c
(c) Соблюдение процедур управления: деавторизации утерянных, украденных, пропавших или иным образом потенциально скомпрометированных токенов, карт и других устройств, которые несут или генерируют идентификационный код или пароль, а также для временной или постоянной замены с использованием подходящих и строгих мер контроля.
Связанные защитные меры
Ничего не найдено
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.