Куда я попал?
Framework № PCI DSS 4.0 от 01.03.2022
Payment Card Industry Data Security Standard (RU)
Requirement 9.4.1.2
Для проведения оценки соответствия по документу войдите в систему.
Список требований
Похожие требования
ГОСТ Р № 57580.1-2017 от 01.01.2018 "Безопасность финансовых (банковских) операций. Защита информации финансовых организаций. Базовый состав организационных и технических мер. Раздел 9. Требования к защите информации на этапах жизненного цикла автоматизированных систем и приложений":
ЖЦ.27
ЖЦ.27 Обеспечение защиты резервных копий защищаемой информации
3-Н 2-О 1-О
3-Н 2-О 1-О
CIS Critical Security Controls v8 (The 18 CIS CSC):
11.1
11.1 Establish and Maintain a Data Recovery Process
Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Russian Unified Cyber Security Framework (на основе The 18 CIS CSC):
11.1
11.1 Реализован и поддерживается процесс восстановления данных
Создан документ, в котором прописана область применения процедур восстановления данных, указаны приоритеты и меры защиты для резервных копий.
Документ пересматривается раз в год или чаще.
Создан документ, в котором прописана область применения процедур восстановления данных, указаны приоритеты и меры защиты для резервных копий.
Документ пересматривается раз в год или чаще.
Framework № PCI DSS 4.0 от 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 9.4.1.2
9.4.1.2
Defined Approach Requirements:
The security of the offline media backup location(s) with cardholder data is reviewed at least once every 12 months.
Customized Approach Objective:
The security controls protecting offline backups are verified periodically by inspection.
Defined Approach Testing Procedures:
Defined Approach Requirements:
The security of the offline media backup location(s) with cardholder data is reviewed at least once every 12 months.
Customized Approach Objective:
The security controls protecting offline backups are verified periodically by inspection.
Defined Approach Testing Procedures:
- 9.4.1.2.a Examine documentation to verify that procedures are defined for reviewing the security of the offline media backup location(s) with cardholder data at least once every 12 months.
- 9.4.1.2.b Examine documented procedures, logs, or other documentation, and interview responsible personnel at the storage location(s) to verify that the storage location’s security is reviewed at least once every 12 months.
Purpose:
Conducting regular reviews of the storage facility enables the organization to address identified security issues promptly, minimizing the potential risk. It is important for the entity to be aware of the security of the area where media is being stored.
Conducting regular reviews of the storage facility enables the organization to address identified security issues promptly, minimizing the potential risk. It is important for the entity to be aware of the security of the area where media is being stored.
Guideline for a healthy information system v.2.0 (EN):
37 STRENGTHENED
/STRENGTHENED
Once this backup policy has been established, it is desirable to plan, at least once per year, a data restoration exercise and to keep a technical log of the results.
Once this backup policy has been established, it is desirable to plan, at least once per year, a data restoration exercise and to keep a technical log of the results.
CIS Critical Security Controls v7.1 (SANS Top 20):
CSC 10.4
CSC 10.4 Protect Backups
Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services.
Ensure that backups are properly protected via physical security or encryption when they are stored, as well as when they are moved across the network. This includes remote backups and cloud services.
Связанные защитные меры
Ничего не найдено
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.