Benchmark: 3.3.1.3 The personal identification number (PIN) and the PIN block are not stored upon completion of the authorization process
Description
PIN and PIN blocks should be known only to the card owner or entity that issued the card. If this data is stolen, malicious individuals can execute fraudulent PIN-based transactions (for example, in-store purchases and ATM withdrawals). Not storing this data reduces the probability of it being compromised.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 3.3.1.3 The personal identification number (PIN) and the PIN block are not stored upon completion of the authorization process.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_3_3_1_3Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_3_3_1_3 --shareControls
- Backup plan min frequency and min retention check
- Backup recovery points should not expire before retention period
- Log group retention period should be at least 365 days
- AWS DocumentDB clusters should have an adequate backup retention period
- DynamoDB table point-in-time recovery should be enabled
- EBS volumes should be attached to EC2 instances
- ECR repositories should have lifecycle policies configured
- S3 buckets should have lifecycle policies configured
- S3 buckets with versioning enabled should have lifecycle policies configured