    • #44462
      NicolasRicci
      Participant

      Hi David. I have a question about the information to be filled in on the ROC with version 3 of the standard.
      In the fields where it asks:
      – «Provide the name of the assessor who attests that the usage policies were verified to include processes for explicit approval from authorized parties to use the technologies.»

      – «Provide the name of the assessor who attests that the usage policies were verified to include processes define a list of all devices and personnel authorized to use the devices.»

      The question is: how should these fields be completed? What information is being requested?
      Is it enough to enter the assessor's name?

      Regards

    • #44585
      David Acosta
      Participant

      Hi Nicolás:
      In the document "Frequently Asked Questions for use with ROC Reporting Template for PCI DSS v3.0" (https://www.pcisecuritystandards.org/documents/PCI_DSS_3_0_ROC_RTs_FAQs.pdf) you will find this answer:
      «…
      Q 24 What is the intent of having the QSA name in several sections of the report within the requirements, such as the «Provide the name of the assessor who confirms that…» instructions?
      A AQM gave each response instruction close consideration and did not want to encourage reporting for the sake of reporting. In most places, there were details the assessor could provide that would not boil down to «yes/no» or repeating of the testing procedure, but that was not the case for all. In the requirements where it was determined that no additional useful reporting was likely, we determined this «signature» was a better course of action. The consistency of using the assessor’s name as an attestation is deemed stronger than a simple «yes» or «checkmark.»
      …»
      In this case, indicating the name of the assessor (QSA/ISA) who performed the test is more than enough.
      Regards,
      David

    • #44586
      NicolasRicci
      Participant

      Thank you very much, David.
      Regards.
