-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
Strategic Product Work
-
13
-
False
-
False
-
-
CFE Sprint 208, CFE Sprint 209, CFE Sprint 210
- Description
- 3. Protect stored cardholder data
- 4. Encrypt transmission of cardholder data across open public networks.
- Acceptance Criteria
- The Compliance Operator ships with a PCI-DSS profile.
- The profile contains the appropriate existing implemented OpenSCAP checks from NIST SP800-53 as defined in the mapping spreadsheet
- We have the appropriate Remediations for checks that can be auto-remediated (where already implemented).
- Added controls based on the following list https://docs.google.com/spreadsheets/d/1YujTrDp-f2YHni5n1ssyJdsMrbkiTAgb5iqSp49dBPg/edit#gid=1070290052
- We have successfully running automated testing / CI for the profile
- Compliance Operator documentation is updated to indicate that we provide a profile for PCI-DSS, along with a basic description of the profile.
- Progress tracking tooling is created to track coverage for profile development
- Tasks
- Req-3.1
- Req-3.2
- Req-3.2.1
- Req-3.2.2
- Req-3.2.3
- Req-3.3
- Req-3.4
- Req-3.4.1
- Req-3.5
- Req-3.5.1
- Req-3.5.2
- Req-3.5.3
- Req-3.5.4
- Req-3.6
- Req-3.6.1
- Req-3.6.2
- Req-3.6.3
- Req-3.6.4
- Req-3.6.5
- Req-3.6.6
- Req-3.6.7
- Req-3.6.8
- Req-3.7
- Req-4.1
- Req-4.1.1
- Req-4.2
- Req-4.3
- clones
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
