Benchmark: 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks
Description
GCP customers are responsible for using strong cryptography and security protocols on connections to any storage system that transmits cardholder data, and for ensuring that this data is encrypted in transit over open, public networks. Customers are also responsible for using web browsers and client endpoints that do not support TLS 1.0 or ciphers weaker than AES-128.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_4_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_4_1 --share
Controls
- Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites
- Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
- Check if Cloud SQL instances have SSL turned on
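
As an added example (not code from the mod or from this page), the Python below shows the kind of evaluation the first control implies, including the case of a proxy with no SSL policy attached. The weak-feature list and the per-profile pass rule are assumptions based on the CIS GCP Foundations guidance for this control; the policy and proxy records are constructed sample data with shortened selfLink values.

```python
# Cipher features treated as weak. Assumption: the CIS GCP Foundations rule
# for this control; not taken from the mod's own queries.
WEAK_FEATURES = {
    "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def policy_findings(policy):
    """Return the reasons a policy fails; an empty list means it passes."""
    profile = policy.get("profile", "COMPATIBLE")
    min_tls = policy.get("minTlsVersion", "TLS_1_0")
    if profile == "RESTRICTED":
        return []
    if profile == "MODERN":
        return [] if min_tls == "TLS_1_2" else [f"MODERN with {min_tls}"]
    if profile == "CUSTOM":
        weak = sorted(WEAK_FEATURES & set(policy.get("customFeatures", [])))
        return [f"CUSTOM enables {name}" for name in weak]
    return [f"{profile} profile permits weak cipher suites"]

def audit_proxies(proxies, policies):
    """Map each proxy name to its findings, resolving the attached policy."""
    by_link = {p["selfLink"]: p for p in policies}
    results = {}
    for proxy in proxies:
        link = proxy.get("sslPolicy")
        if link is None:
            # No policy attached: GCP applies its default (COMPATIBLE, TLS 1.0).
            results[proxy["name"]] = ["no SSL policy; GCP default (COMPATIBLE, TLS 1.0)"]
        elif link not in by_link:
            results[proxy["name"]] = [f"attached policy not found: {link}"]
        else:
            results[proxy["name"]] = policy_findings(by_link[link])
    return results

# Constructed sample data, shaped like the JSON from `gcloud compute ssl-policies list`
# and `gcloud compute target-https-proxies list` (selfLink values shortened).
POLICIES = [
    {"selfLink": "ssl/legacy", "profile": "COMPATIBLE", "minTlsVersion": "TLS_1_0"},
    {"selfLink": "ssl/modern", "profile": "MODERN", "minTlsVersion": "TLS_1_2"},
    {"selfLink": "ssl/custom", "profile": "CUSTOM", "minTlsVersion": "TLS_1_2",
     "customFeatures": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                        "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]},
]
PROXIES = [{"name": "web-legacy", "sslPolicy": "ssl/legacy"},
           {"name": "web-modern", "sslPolicy": "ssl/modern"},
           {"name": "web-custom", "sslPolicy": "ssl/custom"}, {"name": "web-default"}]

print(audit_proxies(PROXIES, POLICIES))
```

An empty findings list means the proxy passes; any entry is a reason to attach a MODERN (TLS 1.2), RESTRICTED, or cleaned-up CUSTOM policy.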