According to 9.9.1, which information should be included in the device inventory?

Multiple Choice

Explanation:
Maintaining a device inventory requires capturing enough details to uniquely identify every device in the cardholder data environment and to know where it sits. This makes it possible to manage security controls, track asset lifecycle, and respond to incidents effectively. Including the make and model helps you understand what security features or patches may be needed. Recording the location shows you exactly where the device is, which is crucial for physical access control and network topology awareness. Having a serial number or another unique identifier ensures you can distinguish between similar devices, track changes over time, and verify you’re applying controls to the correct asset.

Other proposed details don’t provide the same solid basis for identification and ongoing management. Purchase date and warranty status are useful for lifecycle planning but don’t uniquely identify a device or support security control implementation. User passwords stored on devices create a security risk and are not appropriate inventory content. Maintenance history alone doesn’t give you the essential, current identifiers needed to manage and audit in-scope devices.
