Соответствие требованиям

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

PCI PIN Security v3.1

Framework

Requirement 13

Для проведения оценки соответствия по документу войдите в систему.

Список требований

Control Objective 4: Key-loading to HSMs and POI PIN-acceptance devices is handled in a secure manner
Requirement 13: The mechanisms used to load secret and private keys—such as terminals, external PIN pads, key guns, or similar devices and methods—must be protected to prevent any type of monitoring that could result in the unauthorized disclosure of any component.
PIN Security Requirements:
13-1 Clear-text secret and private keys and key components must be transferred into an SCD only when it can be ensured that:
Any cameras present in the environment must be positioned to ensure they cannot monitor the entering of clear-text key components.
There is not any mechanism at the interface between the conveyance medium and the SCD that might disclose the transferred keys.
The sending and receiving SCDs must be inspected prior to key loading to ensure that they have not been subject to any prior tampering or unauthorized modification that could lead to the disclosure of clear-text keying material.
SCDs must be inspected to detect evidence of monitoring and to ensure dual control procedures are not circumvented during key loading.
An SCD must transfer a plaintext secret or private key only when at least two authorized individuals are uniquely identified by the device.
Testing Procedures:
13-1 Observe key-loading environments, processes, and mechanisms (for example, terminals, PIN pads, key guns, etc.) used to transfer keys and key components. Perform the following:
Ensure that any cameras present are positioned to ensure they cannot monitor the entering of clear-text key components
Examine documented procedures to determine that they require that keys and components are transferred into an SCD only after an inspection of the devices and mechanism; and verify they are followed by observing a demonstration that:
SCDs must be inspected to detect evidence of monitoring and to ensure dual-control procedures are not circumvented during key loading.
An SCD must transfer a plaintext secret or private key only when at least two authorized individuals are identified by the device.
There is not any mechanism (including cabling) at the interface between the conveyance medium and the SCD device that might disclose the transferred keys.
The SCD is inspected to ensure it has not been subject to any prior tampering or unauthorized modification, which could lead to the disclosure of clear-text keying material.
PIN Security Requirements:
13-2 Only SCDs shall be used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility, as delineated in the requirements contained in Annex B. For example, ATM controller (computer) keyboards or those attached to an HSM shall never be used for the loading of clear-text secret or private keys or their components.
Note: The addition of applications that replace or disable the PCI-evaluated firmware functionality invalidates the device approval for each such implementation unless those applications are validated for compliance to PTS POI Security Requirements and listed as such in the approval listings. If modified PEDs are not validated and approved to the KLD approval class, they must be managed in accordance with Annex B Requirement 13-9.
Testing Procedures:
13-2.a Examine documentation to verify that only SCDs are used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility, as delineated in this requirement. For example, ATM keyboards or keyboards attached to an HSM shall never be used for the loading of clear-text secret or private keys or their components.
13-2.b Observe a demonstration of key-loading to verify that only SCDs are used in the loading of clear-text secret or private keys or their components outside of a secure key-loading facility.
PIN Security Requirements:
13-3 The loading of plaintext secret or private key components or shares from an electronic medium—e.g., smart card, thumb drive, fob, or other device used for data transport—directly into a cryptographic device (and verification of the correct receipt of the component, if applicable) results in either of the following:
- All traces of the component are erased or otherwise destroyed from the electronic media in accordance with Requirement 24.
Testing Procedures:
13-3.a Examine documented procedures for the loading of secret or private key components from an electronic medium to a cryptographic device. Verify that procedures define specific instructions to be followed as a result of key loading, including:
- Instructions for the medium to be placed into secure storage and managed under dual control (only if there is a possibility it will be required for future reloading of the component into the cryptographic device); or
- Instructions to erase or otherwise destroy all traces of the component from the electronic medium, including the method to use.
13-3.b Observe key-loading processes to verify that the loading process results in one of the following:
- The medium used for key loading is placed into secure storage and managed under dual control (only if there is a possibility it will be required for future reloading of the component into the cryptographic device); or
- All traces of the component are erased or otherwise destroyed from the electronic medium.
13-3.c Examine records/logs of erasures to confirm that:
- The documented procedure was followed.
- The method used was in accordance with Requirement 24.
PIN Security Requirements:
13-4 For secret or private keys transferred from the cryptographic hardware that generated the key to an electronic key-loading device:
Testing Procedures:
13-4 Examine documented procedures and observe processes for the use of key-loading devices. Perform the following:
PIN Security Requirements:
13-4.1 The key-loading device must be a physically secure SCD, designed and implemented in such a way that any unauthorized disclosure of the key is prevented or detected.
Note: A PCI-approved KLD meets this requirement for a SCD.
Testing Procedures:
13-4.1 Verify the key-loading device is a physically secure SCD, designed and implemented in such a way that any unauthorized disclosure of the key is prevented or detected.
PIN Security Requirements:
13-4.2 The key-loading device must be under the supervision of a person authorized by management or stored in a secure container such that no unauthorized person can have access to it.
Testing Procedures:
13-4.2 Verify the key-loading device is under the supervision of a person authorized by management or stored in a secure container such that no unauthorized person can have access to it.
PIN Security Requirements:
13-4.3 The key-loading device must be designed or controlled so that only authorized personnel under dual control can use and enable it to output a key into another SCD. Such personnel must ensure that a key-recording device is not inserted between the SCDs.
Testing Procedures:
13-4.3.a Verify the key-loading device is designed or controlled so that only authorized personnel under dual control can use and enable it to output a key into another SCD.
13-4.3.b Verify that both authorized personnel involved in key-loading activity inspect the key-loading device prior to use to ensure that a key-recording device has not been inserted between the SCDs.
PIN Security Requirements:
13-4.4 The key-loading device must not retain any information that might disclose the key (e.g., allow replay of the key for injection into a non-SCD) that was installed in the device or a key that it has successfully transferred.
Testing Procedures:
13-4.4 Verify the key-loading device does not retain any information that might disclose the key or a key that it has successfully transferred. For example, attempt to output the same value more than one time from the device or cause the device to display check values for its contents both before and after injection and compare.
PIN Security Requirements:
13-5 Any media (electronic or otherwise) containing secret or private key components or shares used for loading cryptographic keys must be maintained in a secure storage location and accessible only to authorized custodian(s). When removed from the secure storage location, media or devices containing key components or used for the injection of clear-text cryptographic keys must be in the physical possession of only the designated component holder(s), and only for the minimum practical time necessary to complete the key-loading process.
The media upon which a component resides must be physically safeguarded at all times when removed from secure storage. Key components that can be read (for example, those printed on paper or stored on magnetic cards, PROMs, or smartcards) must be managed so they are never used in a manner that would result in the component being displayed in clear text to anyone who is not a designated custodian for that component.
Testing Procedures:
13-5.a Interview personnel and observe media locations to verify that the media is maintained in a secure storage location accessible only to custodian(s) authorized to access the key components.
13-5.b Examine documented procedures for removing media or devices containing key components—or that are otherwise used for the injection of cryptographic keys—from the secure storage location. Verify procedures include the following:
Requirement that media/devices be in the physical possession of only the designated component holder(s).
The media/devices are removed from secure storage only for the minimum practical time necessary to complete the key-loading process
13-5.c Interview designated component holder(s) and examine key-management logs to verify that media or devices removed from secure storage are in the physical possession of only the designated component holder(s).
13-5.d Interview key-injection personnel and examine logs for the removal of media/devices from secure storage to verify they are removed only for the minimum practical time necessary to complete the key-loading process.
PIN Security Requirements:
13-6 If the component is in human-readable form (e.g., printed within a PIN-mailer type document), it must be visible only to the designated component custodian and only for the duration of time required for this person to privately enter the key component into an SCD.
Testing Procedures:
13-6 Validate through interview and observation that printed key components are not opened until just prior to entry into the SCD. Plaintext secret and/or private keys and/or their components are visible only to key custodians for the duration of loading into an SCD.
PIN Security Requirements:
13-7 Written or printed key-component documents must not be opened until immediately prior to use.
Testing Procedures:
13-7.a Examine documented procedures and confirm that printed/written key-component documents are not opened until immediately prior to use.
13-7.b Observe key-loading processes and verify that printed/written key components are not opened until immediately prior to use.
PIN Security Requirements:
13-8 A person with access to any component or share of a secret or private key, or to the media conveying this value, must not have access to other components or shares of this key or to any other medium containing other components or shares of this key that are sufficient to form the necessary threshold to derive the key.
E.g., in an m-of-n scheme (which must use a recognized secret-sharing scheme such as Shamir), such that any three key components or shares (i.e., m = 3) can be used to derive the key, no single individual can have access to more than two components/shares.
Testing Procedures:
13-8.a Examine documented procedures for the use of key components to verify that procedures ensure that any individual custodian only has access to their assigned components and never has access to sufficient key components to reconstruct a cryptographic key.
13-8.b Examine key-component access controls and access logs to verify that any single authorized custodian can and has only had access to their assigned component(s) and cannot access sufficient key components to reconstruct a cryptographic key

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.