Framework No. PCI DSS 4.0 of 01.03.2022
Payment Card Industry Data Security Standard (RU)
Requirement 9.2.2
Similar requirements
NIST Cybersecurity Framework (RU):
PR.AC-2
PR.AC-2: Physical access to assets is managed and protected
Framework No. PCI DSS 4.0 of 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 9.2.2
9.2.2
Defined Approach Requirements:
Physical and/or logical controls are implemented to restrict use of publicly accessible network jacks within the facility.
Customized Approach Objective:
Unauthorized devices cannot connect to the entity’s network from public areas within the facility.
Defined Approach Testing Procedures:
- 9.2.2 Interview responsible personnel and observe locations of publicly accessible network jacks to verify that physical and/or logical controls are in place to restrict access to publicly accessible network jacks within the facility.
Purpose:
Restricting access to network jacks (or network ports) will prevent malicious individuals from plugging into readily available network jacks and gaining access to the CDE or systems connected to the CDE.
Good Practice:
Whether logical or physical controls, or a combination of both, are used, they should prevent an individual or device that is not explicitly authorized from being able to connect to the network.
Examples:
Methods to meet this requirement include disabling network jacks located in public areas and areas accessible to visitors, and enabling them only when network access is explicitly authorized. Alternatively, processes could be implemented to ensure that visitors are escorted at all times in areas with active network jacks.
NIST Cybersecurity Framework (EN):
PR.AC-2
PR.AC-2: Physical access to assets is managed and protected
Related protective measures
Nothing found