Framework No. PCI DSS 4.0 dated 01.03.2022

Payment Card Industry Data Security Standard (RU)

Requirement 9.3.4

Similar requirements

NIST Cybersecurity Framework (RU):
PR.IP-5
PR.IP-5: Physical security policy and regulations for organizational assets are complied with
Framework No. PCI DSS 4.0 dated 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 9.3.4
9.3.4
Defined Approach Requirements: 
A visitor log is used to maintain a physical record of visitor activity within the facility and within sensitive areas, including:
  • The visitor’s name and the organization represented.
  • The date and time of the visit.
  • The name of the personnel authorizing physical access.
  • Retaining the log for at least three months, unless otherwise restricted by law. 
Customized Approach Objective:
 Records of visitor access that enable the identification of individuals are maintained. 

Defined Approach Testing Procedures:
  • 9.3.4.a Examine the visitor log and interview responsible personnel to verify that a visitor log is used to record physical access to the facility and sensitive areas. 
  • 9.3.4.b Examine the visitor log and verify that the log contains:
    • The visitor’s name and the organization represented.
    • The personnel authorizing physical access.
    • Date and time of visit. 
  • 9.3.4.c Examine visitor log storage locations and interview responsible personnel to verify that the log is retained for at least three months, unless otherwise restricted by law. 
Purpose:
A visitor log documenting minimum information about the visitor is easy and inexpensive to maintain. It will assist in identifying historical physical access to a building or room and potential access to cardholder data. 

Good Practice:
When logging the date and time of visit, including both in and out times is considered a best practice, since it provides helpful tracking information and provides assurance that a visitor has left at the end of the day. It is also good to verify that a visitor’s ID (driver’s license, etc.) matches the name they put on the visitor log. 
NIST Cybersecurity Framework (EN):
PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met

Related protective measures

Nothing found