Benchmark: PCI DSS requirement 4.1
Description
Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks (eg. Internet, wireless technologies, cellular technologies, General Packet Radio Service [GPRS], satellite communications). Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices to implement strong encryption for authentication and transmission.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select PCI DSS requirement 4.1.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.pci_dss_v321_requirement_4_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.pci_dss_v321_requirement_4_1 --share
Controls
- App Service API apps should only be accessible over HTTPS
- Function apps should only be accessible over HTTPS
- Automation account variables should be encrypted
- Only secure connections to your Azure Cache for Redis should be enabled
- Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources
- Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign
- SQL databases transparent data encryption should be enabled
- Secure transfer to storage accounts should be enabled