-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
None
-
Strategic Product Work
-
13
-
False
-
False
-
- Description
- 5. Protect all systems against malware and regularly update anti-virus software programs
- 6. Develop and maintain secure systems and applications
- Acceptance Criteria
- The Compliance Operator ships with a PCI-DSS profile.
- The profile contains the appropriate existing implemented OpenSCAP checks from NIST SP800-53 as defined in the mapping spreadsheet
- We have the appropriate Remediations for checks that can be auto-remediated (where already implemented).
- Added controls based on the following list https://docs.google.com/spreadsheets/d/1YujTrDp-f2YHni5n1ssyJdsMrbkiTAgb5iqSp49dBPg/edit#gid=1070290052
- We have successfully running automated testing / CI for the profile
- Compliance Operator documentation is updated to indicate that we provide a profile for PCI-DSS, along with a basic description of the profile.
- Progress tracking tooling is created to track coverage for profile development
- Tasks
- Req-5.1
- Req-5.1.1
- Req-5.1.2
- Req-5.2
- Req-5.3
- Req-5.4
- Req-6.1
- Req-6.2
- Req-6.3
- Req-6.3.1
- Req-6.3.2
- Req-6.4
- Req-6.4.1
- Req-6.4.2
- Req-6.4.3
- Req-6.4.4
- Req-6.4.5
- Req-6.5
- Req-6.5.1
- Req-6.5.2
- Req-6.5.3
- Req-6.5.4
- Req-6.5.5
- Req-6.5.6
- Req-6.5.7
- Req-6.5.8
- Req-6.5.9
- Req-6.5.10
- Req-6.6
- Req-6.7
**
- clones
-
-
- Closed
-
- is cloned by
-
-
- Closed
-