-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
None
-
Strategic Product Work
-
8
-
False
-
False
-
- Description
- 1. Install and maintain a firewall configuration to protect cardholder data
- 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
- Acceptance Criteria
- The Compliance Operator ships with a PCI-DSS profile.
- The profile contains the appropriate existing implemented OpenSCAP checks from NIST SP800-53 as defined in the mapping spreadsheet
- We have the appropriate Remediations for checks that can be auto-remediated (where already implemented).
- Added controls based on the following list https://docs.google.com/spreadsheets/d/1YujTrDp-f2YHni5n1ssyJdsMrbkiTAgb5iqSp49dBPg/edit#gid=1070290052
- We have successfully running automated testing / CI for the profile
- Compliance Operator documentation is updated to indicate that we provide a profile for PCI-DSS, along with a basic description of the profile.
- Progress tracking tooling is created to track coverage for profile development
- Tasks
- Req-1.1 - completed
- Req-1.1.4 - completed
- Req-1.2 - completed
- Req-1.2.1 - completed
- Req-1.3 - completed
- Req-1.3.1 - completed
- Req-1.3.2 - completed
- Req-1.3.4 - completed
- Req-1.3.5 - completed
- Req-1.3.6 - completed
- Req-2.1
- Req-2.1.1
- Req-2.2
- Req-2.2.1
- Req-2.2.2
- Req-2.2.3
- Req-2.2.4
- Req-2.2.5
- Req-2.3
- Req-2.4
- Req-2.5
- Req-2.6
- is cloned by
-
-
- Closed
-