Back

Record the manufacturer's serial number for applicable assets in the asset inventory.


CONTROL ID
06635
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an asset inventory., CC ID: 06631

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Examine the list of devices to verify it includes the device serial number or other unique identification method. (Testing Procedures § 9.9.1.a Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • The list of devices must include the device serial number or other unique identification method. (PCI DSS Requirements § 9.9.1 Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Maintain an up-to-date list of devices. The list should include the following: - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification. (9.9.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Maintain an up-to-date list of devices. The list should include the following: - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification. (9.9.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Maintain an up-to-date list of devices. The list should include the following: - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification. (9.9.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Revision 1.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Verions 3.2)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.2)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1 (a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire P2PE and Attestation of Compliance, Version 3.1)
  • Does the list of devices include the following? - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification (9.9.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire P2PE and Attestation of Compliance, Version 3.2)
  • Examine the list of devices to verify it includes: - Make, model of device - Location of device (for example, the address of the site or facility where the device is located) - Device serial number or other method of unique identification. (9.9.1.a, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Device serial number or other methods of unique identification. (9.5.1.1 Bullet 3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the device serial number or other method of unique identification? (PCI DSS Question 9.9.1(a) Bullet 3, PCI DSS Self-Assessment Questionnaire B and Attestation of Compliance, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the device serial number or other method of unique identification? (PCI DSS Question 9.9.1(a) Bullet 3, PCI DSS Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the device serial number or other method of unique identification? (PCI DSS Question 9.9.1(a) Bullet 3, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the device serial number or other method of unique identification? (PCI DSS Question 9.9.1(a) Bullet 3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the device serial number or other method of unique identification? (PCI DSS Question 9.9.1(a) Bullet 3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Does the list of devices that capture payment card data via direct physical interaction with the card include the device serial number or other method of unique identification? (PCI DSS Question 9.9.1(a) Bullet 3, PCI DSS Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance, Version 3.0)
  • An essential step in protecting your mobile device is to record identifying attributes of the device and its use. These attributes include but are not limited to the following: - Serial number (hardware and electronic should match) - Model number - Operating system, firmware, and payment-acceptance … (¶ 5.6.1, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.1)
  • Device serial number or other methods of unique identification. (9.5.1.1 Bullet 3, Self-Assessment Questionnaire B and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Device serial number or other methods of unique identification. (9.5.1.1 Bullet 3, Self-Assessment Questionnaire B-IP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Device serial number or other methods of unique identification. (9.5.1.1 Bullet 3, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Device serial number or other methods of unique identification. (9.5.1.1 Bullet 3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Device serial number or other methods of unique identification. (9.5.1.1 Bullet 3, Self-Assessment Questionnaire P2PE and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Asset registers should specify important information about each asset, including a unique description of hardware in use (e.g., using a serial number). (CF.03.04.04a-1, The Standard of Good Practice for Information Security)
  • Asset registers should specify important information about each asset, including a unique description of hardware in use (e.g., using a serial number). (CF.03.04.04b, The Standard of Good Practice for Information Security, 2013)
  • Does the inventory system contain a field for the serial number? (§ D.1.1.4, Shared Assessments Standardized Information Gathering Questionnaire - D. Asset Management, 7.0)