Benchmark: 4.2.1: Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission
Description
Sensitive information must be encrypted during transmission over public networks because it is easy and common for a malicious individual to intercept and/or divert data while in transit.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 4.2.1: Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_4_2_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_4_2_1 --shareBenchmarks
Controls
- CloudFront distributions should encrypt traffic to custom origins
- CloudFront distributions should require encryption in transit
- CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins
- ElastiCache for Redis replication groups should be encrypted in transit
- ELB application load balancers should redirect HTTP requests to HTTPS
- ELB classic load balancers should use SSL certificates
- ELB classic load balancers should only use SSL or HTTPS listeners
- EMR cluster Kerberos should be enabled
- Elasticsearch domain node-to-node encryption should be enabled
- OpenSearch domains should use HTTPS
- OpenSearch domains node-to-node encryption should be enabled
- Redshift cluster encryption in transit should be enabled
- S3 buckets should enforce SSL