Куда я попал?
Framework № PCI DSS 4.0 от 01.03.2022
Payment Card Industry Data Security Standard (RU)
Requirement 9.5.1.1
Для проведения оценки соответствия по документу войдите в систему.
Список требований
Похожие требования
Framework № PCI DSS 4.0 от 01.03.2022 "Payment Card Industry Data Security Standard":
Requirement 9.5.1.1
9.5.1.1
Defined Approach Requirements:
An up-to-date list of POI devices is maintained, including:
Defined Approach Requirements:
An up-to-date list of POI devices is maintained, including:
- Make and model of the device.
- Location of device.
- Device serial number or other methods of unique identification.
Customized Approach Objective:
The identity and location of POI devices is recorded and known at all times.
Defined Approach Testing Procedures:
The identity and location of POI devices is recorded and known at all times.
Defined Approach Testing Procedures:
- 9.5.1.1.a Examine the list of POI devices to verify it includes all elements specified in this requirement.
- 9.5.1.1.b Observe POI devices and device locations and compare to devices in the list to verify that the list is accurate and up to date.
- 9.5.1.1.c Interview personnel to verify the list of POI devices is updated when devices are added, relocated, decommissioned, etc.
Purpose:
Keeping an up-to-date list of POI devices helps an organization track where devices are supposed to be and quickly identify if a device is missing or lost.
Good Practice:
The method for maintaining a list of devices may be automated (for example, a devicemanagement system) or manual (for example, documented in electronic or paper records). For on-the-road devices, the location may include the name of the personnel to whom the device is assigned.
Examples:
Methods to maintain device locations include identifying the address of the site or facility where the device is located.
Keeping an up-to-date list of POI devices helps an organization track where devices are supposed to be and quickly identify if a device is missing or lost.
Good Practice:
The method for maintaining a list of devices may be automated (for example, a devicemanagement system) or manual (for example, documented in electronic or paper records). For on-the-road devices, the location may include the name of the personnel to whom the device is assigned.
Examples:
Methods to maintain device locations include identifying the address of the site or facility where the device is located.
Стандарт № ИСО/МЭК 27001:2022(E) от 25.10.2022 "Информационная безопасность, кибербезопасность и защита частной жизни — Системы управления информационной безопасностью — Требования. Приложение А":
А.7.13
А.7.13 Обслуживание оборудования
В целях обеспечения доступности, целостности и конфиденциальности информации оборудование должно обслуживаться корректным образом.
В целях обеспечения доступности, целостности и конфиденциальности информации оборудование должно обслуживаться корректным образом.
Стандарт № ISO/IEC 27001:2022(E) от 25.10.2022 "Information security, cybersecurity and privacy protection — Information security management systems — Requirements. Annex A":
А.7.13
А.7.13 Equipment maintenance
Equipment shall be maintained correctly to ensure availability, integrity and confidentiality of information.
Equipment shall be maintained correctly to ensure availability, integrity and confidentiality of information.
Связанные защитные меры
Ничего не найдено
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.