Benchmark: Requirement 6: Develop and maintain secure systems and applications

Description

It is important to define and implement a process that allows to identify and classify the risk of security vulnerabilities in the PCI DSS environment through reliable external sources. Organizations must limit the potential for exploits by deploying critical patches in a timely manner. Patch all systems in the card data environment, including: Operating systems, Firewalls, Routers, Switches, Application software, Databases and POS terminals.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select Requirement 6: Develop and maintain secure systems and applications.

Run this benchmark in your terminal:

powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_6

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_6 --share

Benchmarks

6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by methods like reviewing public-facing web applications via manual or installing an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) in front of public-facing web applications, to continually check all traffic

Benchmark: Requirement 6: Develop and maintain secure systems and applications

Description

Usage

Benchmarks

Tags