pci dss requirement 12 #12280
Merged
pci dss requirement 12 #12280
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
rhmdnd
commented
Aug 7, 2024
rhmdnd
commented
- OpenShift: Update PCI-DSS Requirement 12.1
- OpenShift: Update PCI-DSS Requirement 12.2
- OpenShift: Update PCI-DSS Requirement 12.3
- OpenShift: Update PCI-DSS Requirement 12.4
- OpenShift: Update PCI-DSS Requirement 12.5
- OpenShift: Update PCI-DSS Requirement 12.6
- OpenShift: Update PCI-DSS Requirement 12.7
- OpenShift: Update PCI-DSS Requirement 12.8
- OpenShift: Update PCI-DSS Requirement 12.9
- OpenShift: Update PCI-DSS Requirement 12.10
This requirement is not applicable to OpenShift since it's dealing with the dissemination of information and processing for updating it, which it outside the realm of OpenShift.
This requirement is focused on defining acceptable use for end-users, which is outside the scope of OpenShift.
This requirement pertains to the review and assessment of software used within the environment, and outside the realm of OpenShift.
This requirement is specific to service providers and how they manage PCI-DSS compliance, perform personnel assessments, and document those findings, which is outside the realm of OpenShift.
This requirement is specific to documenting and reviewing system architecture and personal changes, which is outside the scope of OpenShift.
This requirement is specific to designing, implementing, and documenting a security awareness program for employees, which is outside the scope of OpenShift.
This requirement is focused on robust hiring practices for people who have access to the CDE, which is outside the scope of OpenShift.
This requirement is focused on documenting, selecting, and reviewing third party service providers, which is outside the scope of OpenShift.
This requirement is specific to service providers giving written correspondence to customers about account security, which is outside the scope of OpenShift.
This requirement focuses on how personnel are trained, respond to incidents, and update incident response plans. While OpenShift enables these requirements through logging, alerts, and notification system integration, the processes for educating and developing incident response plans is left as an exercise for the entity processing card holder data.
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
Code Climate has analyzed commit cf14fc8 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
|
/lgtm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.