Framework No. PCI DSS 4.0 of 01.03.2022
Payment Card Industry Data Security Standard (RU)
Requirement 9.3.4
Similar requirements
NIST Cybersecurity Framework (RU):
PR.IP-5
PR.IP-5: Physical security policy and regulations for organizational assets are complied with
Framework No. PCI DSS 4.0 of 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 9.3.4
9.3.4
Defined Approach Requirements:
A visitor log is used to maintain a physical record of visitor activity within the facility and within sensitive areas, including:
- The visitor’s name and the organization represented.
- The date and time of the visit.
- The name of the personnel authorizing physical access.
- Retaining the log for at least three months, unless otherwise restricted by law.
Customized Approach Objective:
Records of visitor access that enable the identification of individuals are maintained.
Defined Approach Testing Procedures:
- 9.3.4.a Examine the visitor log and interview responsible personnel to verify that a visitor log is used to record physical access to the facility and sensitive areas.
- 9.3.4.b Examine the visitor log and verify that the log contains:
  - The visitor’s name and the organization represented.
  - The personnel authorizing physical access.
  - Date and time of visit.
- 9.3.4.c Examine visitor log storage locations and interview responsible personnel to verify that the log is retained for at least three months, unless otherwise restricted by law.
Purpose:
A visitor log documenting minimum information about the visitor is easy and inexpensive to maintain. It will assist in identifying historical physical access to a building or room and potential access to cardholder data.
Good Practice:
When logging the date and time of visit, including both in and out times is considered a best practice, since it provides helpful tracking information and provides assurance that a visitor has left at the end of the day. It is also good to verify that a visitor’s ID (driver’s license, etc.) matches the name they put on the visitor log.
NIST Cybersecurity Framework (EN):
PR.IP-5
PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met