Соответствие требованиям

Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Наш канал

PCI PIN Security v3.1

Framework

В П.32-8

Для проведения оценки соответствия по документу войдите в систему.

Список требований

Normative Annex B – Key-Injection Facilities
Control Objective 7: Equipment used to process PINs and keys is managed in a secure manner
Requirement 32: Any SCD capable of encrypting a key and producing cryptograms (i.e., an HSM or key-injection/loading device) of that key must be protected against unauthorized use to encrypt known keys or known key components. This protection takes the form of one or more of the following:
a) Dual access controls required to enable the key-encryption function
b) Physical protection of the equipment (e.g., locked access to it) under dual control
c) Restriction of logical access to the equipment
Key-injection facilities must ensure protection against unauthorized use for SCDs (e.g., HSMs) used in the key-injection platform that are capable of encrypting a key and producing cryptograms of that key.
PIN Security Requirements:
32-8 Distributed functionality of the KIF that is used for generation and transfer of keys must communicate via mutually authenticated channels. All key transfers between distributed KIF functions must meet the requirements of Control Objective 3.
Testing Procedures:
-
PIN Security Requirements:
32-8.1 The KIF must ensure that keys are transmitted between KIF components in accordance with Control Objective 3.
Testing Procedures:
32-8.1.a Examine documented procedures for key conveyance or transmittal to verify that keys used between KIF components are addressed in accordance with applicable criteria in Control Objective 3.
32-8.1.b Interview responsible personnel and observe conveyance processes to verify that the documented procedures are followed for key conveyance or transmittal for keys used between KIF components.
PIN Security Requirements:
32-8.2 The KIF must implement mutually authenticated channels for communication between distributed KIF functions—for example, between a host used to generate keys and a host used to distribute keys.
Testing Procedures:
32-8.2 Examine documented procedures to confirm they specify the establishment of a channel for mutual authentication of the sending and receiving devices.
PIN Security Requirements:
32-8.3 The KIF must ensure that injection of enciphered secret or private keys into POI devices meets the requirements of Control Objective 4.
Testing Procedures:
-
PIN Security Requirements:
32-8.4 The channel for mutual authentication is established using the requirements of Control Objective 4.
Testing Procedures:
32-8.4.a Examine documented procedures for key loading to hosts and POI devices to verify that they are in accordance with applicable criteria in Control Objective 4.
32-8.4.b Interview responsible personnel and observe key-loading processes to verify that the documented procedures are followed for key conveyance or transmittal for keys used between KIF components.
PIN Security Requirements:
32-8.5 The KIF must implement a mutually authenticated channel for establishment of enciphered secret or private keys between POI devices and an HSM at the KIF.
Testing Procedures:
32-8.5 Examine documented procedures to confirm they specify the establishment of a mutually authenticated channel for establishment of enciphered secret or private keys between sending and receiving devices— e.g., POI devices and HSMs.
PIN Security Requirements:
32-8.6 Mutual authentication of the sending and receiving devices must be performed.
KIFs must validate authentication credentials of a POI prior to any key transport, exchange, or establishment with that device.
POI devices must validate authentication credentials of KDHs prior to any key transport, exchange, or establishment with that device.
When a KLD is used as an intermediate device to establish keys between POIs and a KIF HSM it must not be possible to insert an unauthorized SCD into the flow without detection.
Testing Procedures:
32-8.6 Interview responsible personnel and observe processes for establishment of enciphered secret or private keys between sending and receiving devices to verify:
KIFs validate authentication credentials of a POI prior to any key transport, exchange, or establishment with that device.
POI devices validate authentication credentials of KLDs prior to any key transport, exchange, or establishment with that device.
When a KLD is used as an intermediate device to establish keys between POIs and a KIF HSM, it is not possible to insert an unauthorized SCD into the flow without detection
PIN Security Requirements:
32-8.7 Mechanisms must exist to prevent a non-authorized host from injecting keys into POIs or an unauthorized POI from establishing a key with a legitimate KIF component.
Testing Procedures:
32-8.7 Examine documented procedures to confirm they define mechanisms to prevent an unauthorized host from performing key transport, key exchange, or key establishment with POIs.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.