-
Story
-
Resolution: Won't Do
-
Major
-
None
-
None
-
None
-
None
-
13
-
False
-
False
-
- Description
- A1. Protect each entity's (that is, merchant, service provider, or other entity) hosted environment and data
- Acceptance Criteria
- The Compliance Operator ships with a PCI-DSS profile.
- The profile contains the appropriate existing implemented OpenSCAP checks from NIST SP800-53 as defined in the mapping spreadsheet
- We have the appropriate Remediations for checks that can be auto-remediated (where already implemented).
- Added controls based on the following list https://docs.google.com/spreadsheets/d/1YujTrDp-f2YHni5n1ssyJdsMrbkiTAgb5iqSp49dBPg/edit#gid=1070290052
- We have successfully running automated testing / CI for the profile
- Compliance Operator documentation is updated to indicate that we provide a profile for PCI-DSS, along with a basic description of the profile.
- Progress tracking tooling is created to track coverage for profile development
- Tasks
- Req-A.1.1
- Req-A.1.2
- Req-A.1.3
- Req-A.1.4
- Req-A3.1.1
- Req-A3.1.2
- Req-A3.1.3
- Req-A3.1.4
- Req-A3.2.1
- Req-A3.2.2
- Req-A3.2.2.1
- Req-A3.2.3
- Req-A3.2.4
- Req-A3.2.5
- Req-A3.2.5.1
- Req-A3.2.5.2
- Req-A3.2.6
- Req-A3.2.6.1
- Req-A3.3.1
- Req-A3.3.1.1
- Req-A3.3.2
- Req-A3.3.3
- Req-A3.4.1
- Req-A3.5.1
**
- clones
-
-
- Closed
-