Benchmark: Requirement 3: Protect stored cardholder data
Description
This is THE most important requirement of the PCI standard. According to Requirement 3, you must first know all the cardholder data you are going to store, along with its location and retention period. All such cardholder data must be either encrypted using industry-accepted algorithms (e.g., AES-256, RSA 2048), truncated, tokenized or hashed (e.g., SHA-256, PBKDF2). Along with card data encryption, this requirement also covers a strong PCI DSS encryption key management process. Service providers and merchants often do not know that they store unencrypted primary account numbers (PAN), so running a card data discovery tool becomes important. Common locations where card data is found are log files, databases, spreadsheets, etc. This requirement also includes rules for how primary account numbers may be displayed, such as revealing only the first six and last four digits.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Requirement 3: Protect stored cardholder data.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_3
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_3 --share