Closed toniblyx closed 4 years ago
3.1 Requirement: Install and Maintain a Firewall Configuration to Protect Cardholder Data
3.6. Requirement 6: Develop and Maintain Secure Systems and Applications
3.11. Requirement 11: Regularly Test Security Systems and Processes
Thanks @jonrau1 for the update. Definitely I have to work on new checks to make it able to check PCI; that is planned, and I hope to have something before re:Inforce.
@jonrau1 I have updated the list with your comments. Also for the ones you recommend for section 3.1 I have some comments:
* Ensure ECS Cluster At-rest encryption
Looking at this, is it fair to say that this check would need to ensure that fargate isn't in use while fargate storage remains unencrypted according to /aws/containers-roadmap/issues/314?
How can we help?
> * Ensure ECS Cluster At-rest encryption
> Looking at this, is it fair to say that this check would need to ensure that fargate isn't in use while fargate storage remains unencrypted according to /aws/containers-roadmap/issues/314?
Good point, I wasn't aware of that information and how it may impact PCI DSS compliance. So a check to just look at Fargate is needed to be written. I'll add it to the list.
> How can we help?
I have just updated the list with the comment from @eldondev and with all recent checks related to Elasticsearch. If you look at the list there are some checks that need to be written. Feel free to pick one and practice; let me know if you need help opening an issue. For example, the check for "LDAP (TCP:389) is exposed to the public Internet" should be pretty simple: just look at other similar checks and pick the next free extras ID. I can also create a pci group to include all existing ones. Thanks for asking @hemedga.
It is already available as `./prowler -g pci`.
List of checks based on PCI v3.2.1
PCI 3.2.1
3.1. Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data
extra748
check42
check41
extra749
extra749
extra749
extra750
extra751
extra752
extra753
extra754
extra755
extra779
check43
extra75
extra78
extra756
3.2. Requirement 2: Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters
check41
check42
extra752
3.3. Requirement 3: Protect Stored Cardholder Data
extra734
extra735
extra729
check27
check28
extra740
extra72
3.4. Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks
extra738 and TODO extra734
check14
extra779 and extra716
extra779 and extra716
extra779 and extra716
extra779 and extra716
3.5. Requirement 5: Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs
N/A
3.6. Requirement 6: Develop and Maintain Secure Systems and Applications
3.7. Requirement 7: Restrict Access to Cardholder Data By Business Need To Know
check13
check111
check116
3.8. Requirement 8: Identify and Authenticate Access to System Components
check15, check16, check17, check18, check19, check110, check111, check113
check12
check112
check114
check11
3.9. Requirement 9: Restrict Physical Access to Cardholder Data
N/A
3.10. Requirement 10: Track and Monitor All Access to Network Resources and Cardholder Data
check21
check29
check26
extra717
extra718
check25
check23
extra73
extra73
extra73
check38
check36
check314
3.11. Requirement 11: Regularly Test Security Systems and Processes
extra713
3.12. Requirement 12: Maintain a Policy That Addresses Information Security For All Personnel
N/A