Monitor for evidence of when tampering indicators are being identified.

CONTROL ID: 11905
CONTROL TYPE: Monitor and Evaluate Occurrences
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an anti-tamper protection program., CC ID: 10638

This Control has the following implementation support Control(s):
  • Inspect device surfaces to detect tampering., CC ID: 11868
  • Inspect device surfaces to detect unauthorized substitution., CC ID: 11869
  • Inspect for tampering, as necessary., CC ID: 10640
  • Alert interested personnel and affected parties when evidence of tampering is discovered., CC ID: 15319

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • In shared non-government facilities, uniquely identifiable SCEC endorsed tamper-evident seals are used to seal all removable covers on cable reticulation systems. (Security Control: 0195; Revision: 5, Australian Government Information Security Manual, March 2021)
  • The embedded device shall be capable of automatically providing notification to a configurable set of recipients upon discovery of an attempt to make an unauthorized physical access. All notifications of tampering shall be logged as part of the overall audit logging function. (13.6.3 (1) ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • At least once every seven days (11.6.1 Bullet 3 Sub-Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). (11.6.1 Bullet 3 Sub-Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • At least once every seven days (11.6.1.d Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • At the frequency defined in the entity's targeted risk analysis performed for this requirement. (11.6.1.d Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine system settings, monitored payment pages, and results from monitoring activities to verify the use of a change- and tamper-detection mechanism. (11.6.1.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 2, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • At least once every seven days (11.6.1 Bullet 4 Sub-Bullet 1, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). (11.6.1 Bullet 4 Sub-Bullet 2, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 3, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 2, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 3, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • At least once every seven days (11.6.1 Bullet 4 Sub-Bullet 1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). (11.6.1 Bullet 4 Sub-Bullet 2, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 3, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • At least once every seven days (11.6.1 Bullet 4 Sub-Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). (11.6.1 Bullet 4 Sub-Bullet 2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). (11.6.1 Bullet 4 Sub-Bullet 2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • At least once every seven days (11.6.1 Bullet 4 Sub-Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The mechanism is configured to evaluate the received HTTP header and payment page. (11.6.1 Bullet 3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The embedded device shall be capable of automatically providing notification to a configurable set of recipients upon discovery of an attempt to make an unauthorized physical access. All notifications of tampering shall be logged as part of the overall audit logging function. (13.6.3 (1) ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)