
Zigass Merchant Security Requirements


The technical and organisational measures described below, including those that ensure the security of the data, constitute the Zigass Merchant Security Requirements.
Unless defined otherwise, the items below are to be understood as described in the most recent NIST standards.

Measure
Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorised users, processes, and devices, and is managed consistent with the assessed risk of unauthorised access to authorised activities and transactions.
PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorised devices, users and processes
PR.AC-2: Physical access to assets is managed and protected
PR.AC-3: Remote access is managed
PR.AC-4: Access permissions and authorisations are managed, incorporating the principles of least privilege and separation of duties
PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organisational risks)
Awareness and Training (PR.AT): The organisation’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity-related duties and responsibilities consistent with related policies, procedures, and agreements.
PR.AT-1: All users are informed and trained
PR.AT-2: Privileged users understand their roles and responsibilities
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
PR.AT-4: Senior executives understand their roles and responsibilities
PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities
Data Security (PR.DS): Information and records (data) are managed consistent with the organisation’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-1: Data-at-rest is protected
PR.DS-2: Data-in-transit is protected
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
PR.DS-4: Adequate capacity to ensure availability is maintained
PR.DS-5: Protections against data leaks are implemented
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
PR.DS-7: The development and testing environment(s) are separate from the production environment
PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organisational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
PR.IP-2: A System Development Life Cycle to manage systems is implemented
PR.IP-3: Configuration change control processes are in place
PR.IP-4: Backups of information are conducted, maintained, and tested
PR.IP-5: Policy and regulations regarding the physical operating environment for organisational assets are met
PR.IP-6: Data is destroyed according to policy
PR.IP-7: Protection processes are improved
PR.IP-8: Effectiveness of protection technologies is shared
PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
PR.IP-10: Response and recovery plans are tested
PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
PR.IP-12: A vulnerability management plan is developed and implemented
Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.
PR.MA-1: Maintenance and repair of organisational assets are performed and logged, with approved and controlled tools
PR.MA-2: Remote maintenance of organisational assets is approved, logged, and performed in a manner that prevents unauthorised access
Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
PR.PT-2: Removable media is protected and its use restricted according to policy
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
PR.PT-4: Communications and control networks are protected
PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
Data Processing Management (CT.DM-P): Data are managed consistent with the organisation’s risk strategy to protect individuals’ privacy, increase manageability, and enable the implementation of privacy principles (e.g., individual participation, data quality, data minimisation).
CT.DM-P1: Data elements can be accessed for review
CT.DM-P2: Data elements can be accessed for transmission or disclosure
CT.DM-P3: Data elements can be accessed for alteration
CT.DM-P4: Data elements can be accessed for deletion
CT.DM-P5: Data are destroyed according to policy
CT.DM-P6: Data are transmitted using standardised formats
CT.DM-P7: Mechanisms for transmitting processing permissions and related data values with data elements are established and in place
CT.DM-P8: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy and incorporating the principle of data minimisation
CT.DM-P9: Technical measures implemented to manage data processing are tested and assessed
CT.DM-P10: Stakeholder privacy preferences are included in algorithmic design objectives and outputs are evaluated against these preferences

Unleash the Power of Zigass: Unbeatable Deals, Variety, and Savings Await!



Zigass is officially a part of WinSberg LLC. As a unique worldwide project, Zigass brings you an unparalleled online shopping experience. With our powerful platform and innovative features, we are here to revolutionise the way you shop.

At Zigass, we believe in offering unbeatable deals and a wide range of products that cater to your needs. From around-the-world vendors, we bring you an endless selection of quality products at affordable rates. Plus, with our eCommerce Guarantee, your payment is securely held in our system and only released to the seller once you have received your purchase in good condition.

But that's not all. We are committed to providing you with a seamless and enjoyable shopping experience. Our platform offers free shipping, flat-rate shipping, and carrier-wise shipping options, ensuring that your products reach you conveniently and at the best possible rates.

Also, as part of WinSberg LLC, Zigass is proud to offer you official online stores for some of the biggest global brands. Nestle, Unilever, Mydin, Tefal, Calvin Klein, and more are all right here on our platform, offering you authentic products at superb prices.

With Zigass, you can expect variety, savings, and exciting promotions. From our daily Flash Sale to our special campaigns like Top Holidays and Super Brand Day, there's always something to look forward to. We also have category-specific sales like the Baby Fair and Black Friday, ensuring that you can find the best deals on the products you love.

Get ready to unleash the power of Zigass! Join us on this unique Marketplace project by WinSberg LLC and experience a whole new level of online shopping. Come aboard and start browsing now!