Add/Update AWS Audit Manager > PCI DSS V321 controls (2023-07-04). Closes #680 #690

Merged: 1 commit, Jul 11, 2023
2 changes: 1 addition & 1 deletion conformance_pack/rds.sp
Expand Up @@ -245,6 +245,7 @@ control "rds_db_instance_iam_authentication_enabled" {
hipaa_security_rule_2003 = "true"
nist_800_171_rev_2 = "true"
nist_csf = "true"
pci_dss_v321 = "true"
soc_2 = "true"
})
}
Expand All @@ -257,7 +258,6 @@ control "rds_db_cluster_iam_authentication_enabled" {
tags = merge(local.conformance_pack_rds_common_tags, {
nist_800_171_rev_2 = "true"
nist_csf = "true"
pci_dss_v321 = "true"
})
}

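Review bot: dropping `pci_dss_v321 = "true"` from `rds_db_cluster_iam_authentication_enabled` is only correct if no `pci_dss_v321` benchmark still lists that control as a child after this PR. The four `requirement_8.sp` hunks in this PR replace it with `control.rds_db_instance_iam_authentication_enabled`, so requirement 8 is covered; a grep of the rest of `pci_dss_v321/` for `rds_db_cluster_iam_authentication_enabled` before merge would confirm no other benchmark is left referencing a control that no longer carries the tag.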
1 change: 1 addition & 0 deletions pci_dss_v321/requirement_10.sp
Expand Up @@ -417,6 +417,7 @@ benchmark "pci_dss_v321_requirement_10_5_5" {
description = "File-integrity monitoring or change-detection systems check for changes to critical files, and notify when such changes are noted. For file- integrity monitoring purposes, an entity usually monitors files that don't regularly change, but when changed indicate a possible compromise."

children = [
control.cloudtrail_trail_validation_enabled,
control.s3_bucket_versioning_enabled
]

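Review bot: the newly referenced `control.cloudtrail_trail_validation_enabled` should carry a matching `pci_dss_v321 = "true"` tag in its conformance_pack control definition, following the convention this PR applies to `rds_db_instance_iam_authentication_enabled` in `conformance_pack/rds.sp`; no change to the CloudTrail control is in this diff, so either the tag is already present or it is missing and should be added in this PR. Minor: the unchanged description line reads "file- integrity" with a stray space after the hyphen, worth fixing while the file is being touched.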
8 changes: 4 additions & 4 deletions pci_dss_v321/requirement_8.sp
Expand Up @@ -466,7 +466,7 @@ benchmark "pci_dss_v321_requirement_8_7_a" {
description = "Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties)."

children = [
control.rds_db_cluster_iam_authentication_enabled
control.rds_db_instance_iam_authentication_enabled
]

tags = merge(local.pci_dss_v321_requirement_8_common_tags, {
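Review bot: swapping `control.rds_db_cluster_iam_authentication_enabled` for `control.rds_db_instance_iam_authentication_enabled` narrows what 8.7 (a) evaluates: RDS instances are now checked for IAM database authentication, but RDS clusters no longer are. If the intent is strictly to mirror the Audit Manager mapping named in the PR title, that is fine; if both resource types are in scope for this environment, the children list should keep both entries (`control.rds_db_cluster_iam_authentication_enabled,` followed by `control.rds_db_instance_iam_authentication_enabled`) rather than replace one with the other, and the tag removal in `conformance_pack/rds.sp` would then need to be reverted.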
Expand All @@ -479,7 +479,7 @@ benchmark "pci_dss_v321_requirement_8_7_b" {
description = "Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties)."

children = [
control.rds_db_cluster_iam_authentication_enabled
control.rds_db_instance_iam_authentication_enabled
]

tags = merge(local.pci_dss_v321_requirement_8_common_tags, {
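Review bot: 8.7 (b) now has exactly the same description, the same single child and, from the visible tags line, the same tag source as 8.7 (a), and the identical change is repeated for (c) and (d) below. Keeping four benchmarks that each evaluate the same control is presumably deliberate so every PCI DSS sub-requirement maps to its own benchmark, but the long description paragraph is duplicated verbatim four times; moving it into a shared local (the file already uses `local.pci_dss_v321_requirement_8_common_tags`) would keep the four copies from drifting apart on the next update.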
Expand All @@ -492,7 +492,7 @@ benchmark "pci_dss_v321_requirement_8_7_c" {
description = "Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties)."

children = [
control.rds_db_cluster_iam_authentication_enabled
control.rds_db_instance_iam_authentication_enabled
]

tags = merge(local.pci_dss_v321_requirement_8_common_tags, {
Expand All @@ -505,7 +505,7 @@ benchmark "pci_dss_v321_requirement_8_7_d" {
description = "Without user authentication for access to databases and applications, the potential for unauthorized or malicious access increases, and such access cannot be logged since the user has not been authenticated and is therefore not known to the system. Also, database access should be granted through programmatic methods only (for example, through stored procedures), rather than via direct access to the database by end users (except for DBAs, who may need direct access to the database for their administrative duties)."

children = [
control.rds_db_cluster_iam_authentication_enabled
control.rds_db_instance_iam_authentication_enabled
]

tags = merge(local.pci_dss_v321_requirement_8_common_tags, {