Benchmark: 3.3.1.1: The full contents of any track are not stored upon completion of the authorization process
Description
If full contents of any track (from the magnetic stripe on the back of a card if present, equivalent data contained on a chip, or elsewhere) is stored, malicious individuals who obtain that data can use it to reproduce payment cards and complete fraudulent transactions.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 3.3.1.1: The full contents of any track are not stored upon completion of the authorization process.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_3_3_1_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_3_3_1_1 --shareControls
- Backup plan min frequency and min retention check
- Backup recovery points should not expire before retention period
- Log group retention period should be at least 365 days
- AWS DocumentDB clusters should have an adequate backup retention period
- DynamoDB table point-in-time recovery should be enabled
- EBS volumes should be attached to EC2 instances
- ECR repositories should have lifecycle policies configured
- S3 buckets should have lifecycle policies configured
- S3 buckets with versioning enabled should have lifecycle policies configured