Roles and Responsibilities
- Information Security Personnel
- Assignment of IT Security Duties
- Security Audits
Security Management System
- Security Policies, Standards, and Procedures
- Contingency Plans and Procedures
Data Access Authorization and Maintenance
- Personnel Security
- Security Training
- Risk Analysis
- Incident Response Plans and Forensics
Network Security
- Personalization Networks
- Wireless Network Security
IT System Security
- Systems Design and Maintenance
- Hardware Security
Software Development
Data Security
- Data Classification
- Data Transmission - From Issuer to Bureau
- Data Transfer - Between Bureau Facilities
- Storage Media
- Data Destruction or Declassification
- Documentation Control
- Data Hosting
- Additional Requirements for Contactless Smart Cards
User Management and Access Controls
- User Management
- Password Regulations
- Session Locking
- Account Locking
Network Monitoring and Testing
- Vulnerability Scanning and Penetration Testing
- Patch and Configuration Management
- Intrusion Detection System
- Audit Trails and Log Files
Key Management
- Key Management for Card Personalization
- Key Distribution
- Key Loading
- Key Storage
- Key Usage
- Key Backup
- Key Archive
- Key Destruction
- Key Management in Test Systems
- Key Management Security Hardware
- Key Management Security Administration
- Key Management Audit Trail
- Key Compromise
Facility Security for Information Assets
- Physical Access to Information Assets
- Fire Exposure and Risk to IT Systems
- Electrical Power