Transport restricted media using a delivery method that can be tracked.


CONTROL ID
11777
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Control the transiting and internal distribution or external distribution of assets., CC ID: 00963

This Control has the following implementation support Control(s):
  • Track restricted storage media while it is in transit., CC ID: 00967


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Is media sent by secured courier or other delivery method that can be accurately tracked? (§ 9.6.2, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance; Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance; Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced, Version 3.2)
  • Send the media by secured courier or other delivery method that can be accurately tracked. (9.6.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Send the media by secured courier or other delivery method that can be accurately tracked. (9.6.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Send the media by secured courier or other delivery method that can be accurately tracked. (9.6.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Revision 1.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B and Attestation of Compliance, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Is media sent by secured courier or other delivery method that can be accurately tracked? (9.6.2, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Select a recent sample of several days of offsite tracking logs for all media, and verify tracking details are documented. (9.6.2.b, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Interview personnel and examine records to verify that all media sent outside the facility is logged and sent via secured courier or other delivery method that can be tracked. (9.6.2.a, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Interview personnel and examine records to verify that all media sent outside the facility is logged and sent via secured courier or other delivery method that can be tracked. (9.4.3.b, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire B and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire B-IP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Media is sent by secured courier or other delivery method that can be accurately tracked. (9.4.3 Bullet 2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (MP.3.124, Cybersecurity Maturity Model Certification, Version 1.0, Level 3)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (MP.3.124, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (MP.3.124, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (MP.L2-3.8.5 Media Accountability, Cybersecurity Maturity Model Certification, Version 2.0, Level 2)
  • Transport mechanisms for moving data to off-site storage locations. (App A Tier 2 Objectives and Procedures N.7 Bullet 1 Sub-Bullet 4, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (3.8.5, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (3.8.5, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, Revision 1)
  • Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. (3.8.5, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, Revision 2)
  • Development of employee security policies and procedures for the storage of, access to, transport of and transmittal of personal information off-premises; (§ 38a-999b(b)(2)(E), Connecticut General Statutes Title 38a, Chapter 705, Section 38a - 999b, Comprehensive information security program to safeguard personal information. Certification. Notice requirements for actual or suspected breach. Penalty.)