- Story
- Resolution: Done
- Major
- Strategic Product Work
- 8
- Description
- 10. Track and monitor all access to network resources and cardholder data
- 11. Regularly test security systems and processes.
- Acceptance Criteria
- The Compliance Operator ships with a PCI-DSS profile.
- The profile contains the appropriate existing implemented OpenSCAP checks from NIST SP800-53 as defined in the mapping spreadsheet.
- We have the appropriate Remediations for checks that can be auto-remediated (where already implemented).
- Added controls based on the following list https://docs.google.com/spreadsheets/d/1YujTrDp-f2YHni5n1ssyJdsMrbkiTAgb5iqSp49dBPg/edit#gid=1070290052
- We have successfully running automated testing / CI for the profile.
- Compliance Operator documentation is updated to indicate that we provide a profile for PCI-DSS, along with a basic description of the profile.
- Progress tracking tooling is created to track coverage for profile development
- Tasks
- Req-10.1 - PR submitted
- Req-10.2 - PR submitted
- Req-10.2.1 - PR submitted
- Req-10.2.2 - PR submitted
- Req-10.2.3 - PR submitted
- Req-10.2.4 - PR submitted
- Req-10.2.5 - PR submitted
- Req-10.2.6 - PR submitted
- Req-10.2.7 - PR submitted
- Req-10.3 - PR submitted
- Req-10.3.1 - PR submitted
- Req-10.3.2 - PR submitted
- Req-10.3.3 - PR submitted
- Req-10.3.4 - PR submitted
- Req-10.3.5 - PR submitted
- Req-10.3.6 - PR submitted
- Req-10.4 - PR submitted
- Req-10.4.1 - PR submitted
- Req-10.4.2 - PR submitted
- Req-10.4.3 - PR submitted
- Req-10.5 - PR submitted
- Req-10.5.1 - PR submitted
- Req-10.5.2 - PR submitted
- Req-10.5.3 - PR submitted
- Req-10.5.4 - PR submitted
- Req-10.5.5 - PR submitted
- Req-10.6 - PR submitted
- Req-10.6.1 - PR submitted
- Req-10.6.2 - PR submitted
- Req-10.6.3 - PR submitted
- Req-10.7 - PR submitted
- Req-10.8 - PR submitted
- Req-11.1
- Req-11.1.1
- Req-11.1.2
- Req-11.2
- Req-11.2.1
- Req-11.2.2
- Req-11.2.3
- Req-11.3
- Req-11.3.1
- Req-11.3.2
- Req-11.3.3
- Req-11.3.4
- Req-11.4
- Req-11.5
- Req-11.5.1
- Req-11.6
- clones
  - CFE-152 As a system integrator I want to implement PCI-DSS Compliance Control Objective 4 (Implement strong access control measures) so that the OpenShift Container Platform would satisfy these requirements (Closed)
- is cloned by
  - CFE-154 As a system integrator I want to implement PCI-DSS Compliance Control Objective 6 (Maintain an information security policy) so that the OpenShift Container Platform would satisfy these requirements (Closed)