
Define and assign cryptographic, encryption and key management roles and responsibilities.


CONTROL ID: 15470
CONTROL TYPE: Establish Roles
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Manage the use of encryption controls and cryptographic controls., CC ID: 00570

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The procedures should be carried out by the specifically authorized persons. (P30.3. ¶ 1(1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Roles and responsibilities for performing activities in Requirement 4 are documented, assigned, and understood. (4.1.2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Interview personnel with responsibility for performing activities in Requirement 4 to verify that roles and responsibilities are assigned as documented and are understood. (4.1.2.b, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine documentation to verify that descriptions of roles and responsibilities for performing activities in Requirement 4 are documented and assigned. (4.1.2.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Roles and responsibilities for performing activities in Requirement 4 are documented, assigned, and understood. (4.1.2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Roles and responsibilities for performing activities in Requirement 4 are documented, assigned, and understood. (4.1.2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)