Include resuming security system monitoring and logging operations in the Responding to Failures in Security Controls procedure.


CONTROL ID
12521
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain Responding to Failures in Security Controls procedures., CC ID: 12514

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Additional requirement for service providers only: Respond to failures of any critical security controls in a timely manner. Processes for responding to failures in security controls must include: - Restoring security functions - Identifying and documenting the duration (date and time start to end) … (10.8.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Resuming monitoring of security controls (A3.3.1.1 Bullet 7, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Respond to failures of any critical security controls in a timely manner. Processes for responding to failures in security controls must include: - Restoring security functions - Identifying and documenting the duration (date and time start to end) of the security failure - Identifying and documen… (10.8.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Are processes for responding to critical security control failures defined and implemented, and include: - Restoring security functions - Identifying and documenting the duration (date and time start to end) of the security failure - Identifying and documenting cause(s) of failure, including root ca… (10.8.1(a), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Examine documented policies and procedures and interview personnel to verify processes are defined and implemented to respond to a security control failure, and include: - Restoring security functions - Identifying and documenting the duration (date and time start to end) of the security failure - I… (10.8.1.a, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Resuming monitoring of security controls. (A3.3.1.2 Bullet 7, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Resuming monitoring of security controls. (10.7.3 Bullet 7, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Resuming monitoring of security controls. (10.7.3 Bullet 7, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Resuming monitoring of security controls. (10.7.3 Bullet 7, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • provide the capability to protect against the loss of essential services and functions in the event of an audit processing failure; and (6.12.1 ¶ 1 (a), Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)