Back

Lock closable storage containers.


CONTROL ID
06307
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain proper container security., CC ID: 02208

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Examine storage containers used for information to be destroyed to verify that the containers are secured. (§ 9.10.1.b, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance No Electronic Storage, Processing, or Transmission of Cardholder Data, Version 2.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (§ 9.8.1(b), Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance; Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced, Version 3.1)
  • Examine storage containers used for information to be destroyed to verify that the containers are secured. (§ 9.10.1.b, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage, Version 2.0)
  • Examine storage containers used for information to be destroyed to verify that the containers are secured. (§ 9.10.1.b, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage, Version 2.0)
  • Examine storage containers used for information to be destroyed to verify that the containers are secured. (§ 9.10.1.b, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Examine the media destruction policy and verify it covers all media and defines the requirements that storage containers used to store material for destruction must be secured. (Testing Procedures § 9.8 Bullet 2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Examine the storage containers that are used for storing the material that is to be destroyed and verify that the containers are secured. (Testing Procedures § 9.8.1.b, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Examine storage containers used for information to be destroyed to verify that the containers are secured. (§ 9.10.1.b Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • The storage containers that are used for materials that are to be destroyed must be secure. (PCI DSS Requirements § 9.8.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Revision 1.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Is there a periodic media destruction policy that defines requirements for the following? - Hard-copy materials must be crosscut shredded, incinerated, or pulped such that there is reasonable assurance the hard-copy materials cannot be reconstructed. - Storage containers used for materials that are … (9.8 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Is there a periodic media destruction policy that defines requirements for the following? - Hard-copy materials must be crosscut shredded, incinerated, or pulped such that there is reasonable assurance the hard-copy materials cannot be reconstructed. - Storage containers used for materials that are … (9.8 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (9.8.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire P2PE and Attestation of Compliance, Version 3.1)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire A and Attestation of Compliance, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire B and Attestation of Compliance, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.0)
  • Is there a periodic media destruction policy that defines requirements that storage containers used for materials that are to be destroyed must be secured? (PCI DSS Question 9.8(b) Bullet 2, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Is there a periodic media destruction policy that defines requirements that storage containers used for materials that are to be destroyed must be secured? (PCI DSS Question 9.8(b) Bullet 2, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(b), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Are storage containers used for materials that contain information to be destroyed secured to prevent access to the contents? (PCI DSS Question 9.8.1(c), PCI DSS Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance, Version 3.0)
  • When scoped data is sent or received via physical media, are the transport containers locked or have tamper evident seals? (§ G.14.7, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • The agency shall lock the area, room, or storage container that stores criminal justice information when unattended. (§ 5.9.2(2), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)