Benchmark: 3.6.1: Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure
Description
Cryptographic keys must be strongly protected because those who obtain access will be able to decrypt data.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 3.6.1: Procedures are defined and implemented to protect cryptographic keys used to protect stored account data against disclosure.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_3_6_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_3_6_1 --share
Benchmarks
- 3.6.1.2: Secret and private keys used to protect stored account data
- 3.6.1.3: Access to cleartext cryptographic key components is restricted to the fewest number of custodians necessary
- 3.6.1.4: Cryptographic keys are stored in the fewest possible locations