💼 9.9.3 Provide training for personnel to be aware of attempted tampering or replacement of devices.

• ID: /frameworks/pci-dss-v3.2.1/09/09/03

Description

Training should include the following:

• Verify the identity of any third-party persons claiming to be repair or maintenance personnel, prior to granting them access to modify or troubleshoot devices.
• Do not install, replace, or return devices without verification.
• Be aware of suspicious behavior around devices (for example, attempts by unknown persons to unplug or open devices).
• Report suspicious behavior and indications of device tampering or substitution to appropriate personnel (for example, to a manager or security officer).

Similar

• Sections
  • /frameworks/pci-dss-v4.0/09/05/01/03
• Internal
  • ID: dec-c-3c4eace7

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v4.0 → 💼 9.5.1.3 Training is provided for personnel in POI environments to be aware of attempted tampering or replacement of POI devices.					no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v4.0 → 💼 9.5.1.3 Training is provided for personnel in POI environments to be aware of attempted tampering or replacement of POI devices.					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance