Create an Asset (Application) Instructions

Inserting Data Collection for In-Scope Applications

This guide is used to Identify all applications that CHD applications utilized within CDE.  This will include PA-DSS, PABP, third-party and internally developed applications.

Go to the Fullerton SnipeIT home page website by accessing this link:

https://fullerton.snipe-it.io/

1. On the top right hand corner of your screen, click on the Create New drop- down and select Asset.

2. Select the Company that your asset is from.

3. For the model, select "Software--Application - On Campus"

4. For Area, select what is area name for your application.

5.  For Make/Version, list the full OS make and the current version information of your application.

6. For PA-DSS Validated, select "Yes" or "No" if this applies to your application.

Note: This is for third-party payment apps.

7. For PCI Listing, include the information for the application listing.

 

8. For PA-DSS Expiration Date, include the expiration date to which your PA-DSS application expires.

Note: This is for third-party payments

9. For Access to CHD, select "Yes", "No", or "Indirect".

10. For Type of CHD Handled, if there is access to CHD, classify what CHD it is.

Note: List all types of cardholder data the application stores, transmits or processes.

11. For Network Zone, list where this network application is used for.

12. For Network/VLAN Name, enter in the name of VLAN and IP Range.

13. For Externally Facing, select "Yes" if your application asset interacts with the general public or "No" if it does not interact with the general public.

14. For Business Purpose, insert what is the business purpose or function of this server. (Ex: payment processing, reporting, call center, settlement, etc...)

15. For Supporting Database, select "Yes" if there is a supporting database for this application that stores CHD and "No" if there is not a supporting database for this application that stores CHD.

16. For Authentication, include how this authentication is controlled.

17. For Development, select either "Third Party" or "Internal" for who is responsible for the development of this application.

18. For Mobile, select "Yes" if this application can be used on mobile devices or "No" if it can not be used on mobile devices.

19. For Contact, enter the name and email address of the main employee(s) for this application.

20. For Status, select what is the current condition if your server, either "Active", "In Use", "Archived" or "Not in Field"

21.  For Checkout to, select a "User","Asset"or "Location".

Note: If you Checkout to a physical location, include where the facilities asset resides. If the location has not been used previously, you will have to select new and create a new location for your asset.

22. For Asset Name, enter in what is the name of your application alias.

If you have any more categories you would like to include, please do so before saving your asset. To save, select the Save button on the right hand corner of your SnipeIT window screen.