Assign system hardening to qualified personnel.


CONTROL ID: 06813
CONTROL TYPE: Establish Roles
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures. (CC ID: 12001)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Are system administrators and/or personnel that configure system components knowledgeable about common security parameter settings for those system components? (PCI DSS Question 2.2.4(a), PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
  • Are system administrators and/or personnel that configure system components knowledgeable about common security parameter settings for those system components? (PCI DSS Question 2.2.4(a), PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
  • Are system administrators and/or personnel that configure system components knowledgeable about common security parameter settings for those system components? (PCI DSS Question 2.2.4(a), PCI DSS Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.0)
  • Are system administrators and/or personnel that configure system components knowledgeable about common security parameter settings for those system components? (PCI DSS Question 2.2.4(a), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Are system administrators and/or personnel that configure system components knowledgeable about common security parameter settings for those system components? (PCI DSS Question 2.2.4(a), PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • For cloud computing services, who is responsible for hardening and patching? (§ V.1.51, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)
  • Is the cloud computing provider contractually responsible for the initial base image hardening and patching? (§ V.1.51.1, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)
  • For cloud computing services, is the client contractually responsible for the initial base image hardening and patching? (§ V.1.51.2, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)
  • Is the cloud computing provider contractually responsible for ongoing hardening and patching? (§ V.1.51.3, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)
  • For cloud computing services, is the client contractually responsible for ongoing hardening and patching? (§ V.1.51.4, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)