Provide identification mechanisms for the organization's supply chain members.

Back

CONTROL ID
12201

CONTROL TYPE
Business Processes

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Plan for selling facilities, technology, or services., CC ID: 06893

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Solution providers should provide the ability for cardholders to confirm that a merchant is a legitimate customer of their solution. This can be accomplished with ID cards, payment brand acceptance marks, serial numbers, a publicly available website with a list of registered merchants, or through ot… (¶ 6.6.1, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.1)
Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. (IA-4(6) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. (IA-4(6) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. (IA-4(6) ¶ 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
The organization coordinates with [Assignment: organization-defined external organizations] for cross-organization management of identifiers. (IA-4(6) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. (IA-4(6) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. (IA-4(6) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
The organization coordinates with [Assignment: organization-defined external organizations] for cross-organization management of identifiers. (IA-4(6) ¶ 1, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)