TA-06—Payment Card Processing Security Awareness Training
>Control Description
Theme
Type
Policy/Standard
Training & Awareness Procedure
>Implementation Guidance
1. Check the training materials to ensure that they cover the following topics:
• Confirming the identity of third-party repair or maintenance personnel before giving them access to devices.
• Not making changes or returning devices without proper verification.
• Being alert to unusual behavior around devices, like unauthorized attempts to tamper with them.
• Reporting any suspicious behavior or signs of device tampering to authorized personnel, such as a manager or security officer.
>Testing Procedure
1. Inspect training material to determine whether it details the following:
• Verify the identity of third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices.
• Do not install, replace, or return devices without verification.
• Be aware of suspicious behavior around devices (e.g., attempts by unknown persons to unplug or open devices).
• Report suspicious behavior and indications of device tampering or substitution to authorized personnel (e.g., to a manager or security officer).
2. Inspect training completion records for a selection of employees.
>Audit Artifacts
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.