turbot/steampipe-mod-aws-compliance

Benchmark: 3.5 Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse

Description

Note: This requirement applies to keys used to encrypt stored cardholder data, and also applies to key-encrypting keys used to protect data-encrypting keys—such key- encrypting keys must be at least as strong as the data-encrypting key. Cryptographic keys must be strongly protected because those who obtain access will be able to decrypt data. Key-encrypting keys, if used, must be at least as strong as the data-encrypting key in order to ensure proper protection of the key that encrypts the data as well as the data encrypted with that key. The requirement to protect keys from disclosure and misuse applies to both data-encrypting keys and key-encrypting keys. Because one key- encrypting key may grant access to many data- encrypting keys, the key-encrypting keys require strong protection measures.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select 3.5 Document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse.

Run this benchmark in your terminal:

powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_3_5

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_3_5 --share

Benchmarks

Tags