Куда я попал?
Framework № PCI DSS 4.0 от 01.03.2022
Payment Card Industry Data Security Standard (RU)
Requirement 9.2.1.1
Для проведения оценки соответствия по документу войдите в систему.
Список требований
Похожие требования
ГОСТ Р № 57580.1-2017 от 01.01.2018 "Безопасность финансовых (банковских) операций. Защита информации финансовых организаций. Базовый состав организационных и технических мер. Раздел 7. Требования к системе защиты информации":
ФД.18
ФД.18 Хранение архивов информации средств видеонаблюдения, регистрирующих доступ к общедоступным объектам доступа, не менее 14 дней
3-Н 2-Т 1-Т
3-Н 2-Т 1-Т
ФД.16
ФД.16 Хранение архивов информации средств видеонаблюдения не менее 90 дней
3-Н 2-Н 1-Т
3-Н 2-Н 1-Т
ФД.17
ФД.17 Регистрация доступа к общедоступным объектам доступа с использованием средств видеонаблюдения
3-Н 2-Т 1-Т
3-Н 2-Т 1-Т
ФД.10
ФД.10 Оборудование помещений средствами видеонаблюдения
3-Н 2-Н 1-Т
3-Н 2-Н 1-Т
ФД.15
ФД.15 Хранение архивов информации средств видеонаблюдения не менее 14 дней (в случае применения средств видеонаблюдения)
3-Н 2-Т 1-Н
3-Н 2-Т 1-Н
Framework № PCI DSS 4.0 от 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 9.2.1.1
9.2.1.1
Defined Approach Requirements:
Individual physical access to sensitive areas within the CDE is monitored with either video cameras or physical access control mechanisms (or both) as follows:
Defined Approach Requirements:
Individual physical access to sensitive areas within the CDE is monitored with either video cameras or physical access control mechanisms (or both) as follows:
- Entry and exit points to/from sensitive areas within the CDE are monitored.
- Monitoring devices or mechanisms are protected from tampering or disabling.
- Collected data is reviewed and correlated with other entries.
- Collected data is stored for at least three months, unless otherwise restricted by law.
Customized Approach Objective:
Trusted, verifiable records are maintained of individual physical entry to, and exit from, sensitive areas.
Defined Approach Testing Procedures:
Trusted, verifiable records are maintained of individual physical entry to, and exit from, sensitive areas.
Defined Approach Testing Procedures:
- 9.2.1.1.a Observe locations where individual physical access to sensitive areas within the CDE occurs to verify that either video cameras or physical access control mechanisms (or both) are in place to monitor the entry and exit points.
- 9.2.1.1.b Observe locations where individual physical access to sensitive areas within the CDE occurs to verify that either video cameras or physical access control mechanisms (or both) are protected from tampering or disabling.
- 9.2.1.1.c Observe the physical access control mechanisms and/or examine video cameras and interview responsible personnel to verify that:
- Collected data from video cameras and/or physical access control mechanisms is reviewed and correlated with other entries.
- Collected data is stored for at least three months.
Purpose:
Maintaining details of individuals entering and exiting the sensitive areas can help with investigations of physical breaches by identifying individuals that physically accessed the sensitive areas, as well as when they entered and exited.
Good Practice:
Whichever mechanism meets this requirement, it should effectively monitor all entry and exit points to sensitive areas.
Criminals attempting to gain physical access to sensitive areas will often try to disable or bypass the monitoring controls. To protect these controls from tampering, video cameras could be positioned so they are out of reach and/or be monitored to detect tampering. Similarly, physical access control mechanisms could be monitored or have physical protections installed to prevent them from being damaged or disabled by malicious individuals.
Maintaining details of individuals entering and exiting the sensitive areas can help with investigations of physical breaches by identifying individuals that physically accessed the sensitive areas, as well as when they entered and exited.
Good Practice:
Whichever mechanism meets this requirement, it should effectively monitor all entry and exit points to sensitive areas.
Criminals attempting to gain physical access to sensitive areas will often try to disable or bypass the monitoring controls. To protect these controls from tampering, video cameras could be positioned so they are out of reach and/or be monitored to detect tampering. Similarly, physical access control mechanisms could be monitored or have physical protections installed to prevent them from being damaged or disabled by malicious individuals.
Связанные защитные меры
Ничего не найдено
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.