- Story
- Resolution: Done
- Major
- Description
- 7. Restrict access to cardholder data by business need to know
- 8. Identify and authenticate access to system components
- 9. NA
- Acceptance Criteria
- The Compliance Operator ships with a PCI-DSS profile.
- The profile contains the appropriate existing implemented OpenSCAP checks from NIST SP800-53 as defined in the mapping spreadsheet.
- We have the appropriate Remediations for checks that can be auto-remediated (where already implemented).
- Added controls based on the following list https://docs.google.com/spreadsheets/d/1YujTrDp-f2YHni5n1ssyJdsMrbkiTAgb5iqSp49dBPg/edit#gid=1070290052
- We have successfully running automated testing / CI for the profile.
- Compliance Operator documentation is updated to indicate that we provide a profile for PCI-DSS, along with a basic description of the profile.
- Progress tracking tooling is created to track coverage for profile development.
- Tasks
- Section 7 (in progress by Compliance team)
- Req-7.1
- Req-7.1.1
- Req-7.1.2
- Req-7.1.3
- Req-7.1.4
- Req-7.2
- Req-7.2.1
- Req-7.2.2
- Req-7.2.3
- Req-7.3
- Story points reflect work on section 8
- Req-8.1
- Req-8.1.1
- Req-8.1.2
- Req-8.1.3
- Req-8.1.4
- Req-8.1.5
- Req-8.1.6
- Req-8.1.7
- Req-8.1.8
- Req-8.2
- Req-8.2.1
- Req-8.2.2
- Req-8.2.3
- Req-8.2.4
- Req-8.2.5
- Req-8.2.6
- Req-8.3
- Req-8.4
- Req-8.5
- Req-8.5.1
- Req-8.6
- Req-8.7
- Req-8.8
- clones
- CFE-151 As a system integrator I want to implement PCI-DSS Compliance Control Objective 3 (Maintain a vulnerability management program) so that the OpenShift Container Platform would satisfy these requirements
- Closed
- is cloned by
- CFE-153 As a system integrator I want to implement PCI-DSS Compliance Control Objective 5 (Regularly monitor and test networks) so that the OpenShift Container Platform would satisfy these requirements
- Closed