PCI PIN Security v3.1
Framework
Requirement 12-3
List of requirements
PIN Security Requirements:
12-3 The loading of clear-text cryptographic keys using a key-loading device requires dual control to authorize any key-loading session. It shall not be possible for a single person to use the key-loading device to load clear keys alone. Dual control must be implemented using one or more of, but not limited to, the following techniques:
- Two or more passwords/authentication codes of five characters or more (vendor default values must be changed)
- Multiple cryptographic tokens (such as smartcards), or physical keys
- Physical access controls
- Separate key-loading devices for each component/share
Note: For devices that do not support two or more passwords/authentication codes, this may be achieved by splitting the single password used by the device into two halves, each half controlled by a separate authorized custodian. Each half must be a minimum of five characters.
Note: Passwords/authentication codes to the same object may be assigned to a custodian group team (e.g., custodian team for component A).
Note: The addition of applications that replace or disable the PCI-evaluated firmware functionality invalidates the device approval for each such implementation unless those applications are validated for compliance to PTS POI Security Requirements and listed as such in the approval listings. If modified PEDs are not validated and approved to the KLD approval class, they must be managed in accordance with Annex B Requirement 13-9.
Testing Procedures:
12-3.a Identify instances where a key-loading device is used to load clear-text keys. Examine documented procedures for loading of clear-text cryptographic keys, to verify:
- Procedures require dual control to authorize any key-loading session.
- The techniques to be used to achieve dual control are identified.
- There is a requirement to change any default passwords/authentication codes and set passwords/authentication codes that have at least five characters.
- There is a requirement that if passwords/authentication codes or tokens are used, they be maintained separately.
12-3.b For each type of production SCD loaded using a key-loading device, observe the process (e.g., a demonstration) of loading clear-text cryptographic keys and interview personnel. Verify that:
- Dual control is necessary to authorize the key-loading session.
- Expected techniques are used.
- Default passwords/authentication codes are reset.
- Any passwords/authentication codes used are a minimum of five characters.
- Any passwords/authentication codes or tokens are maintained separately.
12-3.c Examine documented records of key-loading to verify the presence of two authorized persons during each type of key-loading activity.
12-3.d Ensure that any default dual-control mechanisms (e.g., default passwords/authentication codes—usually printed in the vendor's manual—in a key-loading device) have been disabled or changed.