CMP-2460: PCI-DSS 4 requirement 8 #12148

Merged
merged 8 commits into from
Jul 19, 2024
23 changes: 14 additions & 9 deletions controls/pcidss_4_ocp4.yml
Expand Up @@ -2381,7 +2381,7 @@ controls:
strictly managed.
levels:
- base
status: pending
status: supported
controls:
- id: 8.6.1
title: If accounts used by systems or applications can be used for interactive login, they
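Review bot: The parent control's status goes from pending to supported at the top of this hunk, but of its child controls in this file 8.6.1 and 8.6.3 are set to not applicable, and 8.6.2 is supported only through a note with no rules. Add a notes entry on the parent explaining why supported is the right roll-up for that mix, or choose a status that reflects it.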
Expand All @@ -2395,13 +2395,14 @@ controls:
- Every action taken is attributable to an individual user.
levels:
- base
status: pending
status: not applicable
notes: |-
This requirement is related to 2.2.2, 2.2.6, 8.2.1 and 8.2.2. Specifically on 8.2.2 system
accounts usage is restricted. Exceptions to system accounts should be manually checked to
ensure the requirements in description. This requirement although implements some extra
controls regarding root account.
All user IDs, including those handled by third parties to access, support, or maintain
system components via remote access, are handled externally to OpenShift.
rules: []
related_rules:
# The following RHCOS rule can also contribute to the implementation of this control.
- securetty_root_login_console_only
rhmdnd marked this conversation as resolved.

- id: 8.6.2
title: Passwords/passphrases for any application and system accounts that can be used for
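Review bot: 8.6.1 is set to not applicable, yet the added related_rules entry securetty_root_login_console_only carries the comment that it "can also contribute to the implementation of this control", which reads as at least partly applicable. The new note also speaks only of user IDs handled externally to OpenShift, while the title concerns accounts used by systems or applications. State in the notes why those accounts are out of scope, or keep the removed sentence about manually checking exceptions to system accounts.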
Expand All @@ -2412,7 +2413,9 @@ controls:
unauthorized personnel.
levels:
- base
status: pending
status: supported
notes: |-
OpenShift can be integrated with a Vault to manage secrets.

- id: 8.6.3
title: Passwords/passphrases for any application and system accounts are protected against
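Review bot: 8.6.2 is marked supported, but the only backing is the note "OpenShift can be integrated with a Vault to manage secrets." and no rules or related_rules key is added. "Can be integrated" describes an optional setup rather than something a scan verifies. Name the integration that is meant and say how an assessor confirms it is in place, or pick a status that signals manual verification.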
Expand All @@ -2425,9 +2428,11 @@ controls:
frequently the entity changes the passwords/passphrases.
levels:
- base
status: pending
status: not applicable
notes: |-
Related to requirements 8.3.6 and 8.3.9.
Parameters for authenticators such as password length, maximum password
age, minimum password age, password history, and requirements to change
the password on first use are handled by the third-party identity provider.

- id: '9.1'
title: Processes and mechanisms for restricting physical access to cardholder data are defined
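Review bot: The replacement note for 8.6.3 attributes password length, age and history to the third-party identity provider, but the control title is scoped to application and system accounts, and the note does not say whether those accounts are managed by that provider. Add a sentence covering them, and consider keeping the dropped line "Related to requirements 8.3.6 and 8.3.9." since the new text describes the same parameters.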