Refrain from allowing remote users to copy files to remote devices.


CONTROL ID
06792
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a remote access and teleworking program. (CC ID: 04545)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • never allowing untrusted people to connect other devices or media to their devices, including for charging (Security Control: 1299; Revision: 2; Bullet 4, Australian Government Information Security Manual, March 2021)
  • The usage policies must prohibit the copying, moving, or storing of cardholder data on local hard drives and removable media for personnel who access cardholder data by remote access, unless explicitly authorized. (PCI DSS Requirements § 12.3.10, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • For personnel accessing cardholder data via remote-access technologies, does the usage policy specify the prohibition of copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need? (PCI DSS Question 12.3.10(a), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • For personnel accessing cardholder data via remote-access technologies, does the usage policy specify the prohibition of copying, moving, and storage of cardholder data onto local hard drives and removable electronic media, unless explicitly authorized for a defined business need? (PCI DSS Question 12.3.10(a), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Mobile devices should protect the confidentiality of stored information by restricting the copying of files only to authorized portable storage devices. (CF.14.02.07a, The Standard of Good Practice for Information Security)
  • When remote access is permitted, are remote users prevented from copying data to remote devices? (§ H.5.5, Shared Assessments Standardized Information Gathering Questionnaire - H. Access Control, 7.0)