PCI DSS 3.2 Requirement 9: Restrict Physical Access to Cardholder Data

Testing Procedure	How Sheriff CSM Delivers	Sheriff CSM Instructions	Sheriff CSM Documentation
9.9.1.a Examine the list of devices to verify it includes: • Make, model of device • Location of device (for example, the address of the site or facility where the device is located) • Device serial number or other method of unique identification.	Sheriff CSM provides asset management features that can assist in collecting this data.	Run Asset Scan to discover all assets.	Running Asset Scans
		Update and maintain the description and location fields with the appropriate information for each asset.	Viewing Asset Details
		Run the existing Asset Report for an inventory of all assets.	How to Run Reports
		If you find any information outdated or missing, you may edit the asset to enter the appropriate information.	Editing the Assets
9.9.1.b Select a sample of devices from the list and observe devices and device locations to verify that the list is accurate and up-to-date.	Sheriff CSM provides asset management features that can assist in collecting this data.	Run an Asset Scan to discover all assets.	Running Asset Scans
		Update and maintain the description and location fields with the appropriate information for each asset.	Viewing Asset Details
		Run the existing Asset Report for an inventory of all assets.	How to Run Reports
		If you find any information outdated or missing, you may edit the asset to enter the appropriate information.	Editing the Assets

Topic revision: r6 - 30 Apr 2022, SheriffCyberSecurity

User Guides