💼 2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.
- ID:
/frameworks/pci-dss-v3.2.1/02/01
Description
This applies to ALL default passwords, including but not limited to those used by operating systems, software that provides security services, application and system accounts, point-of-sale (POS) terminals, payment applications, Simple Network Management Protocol (SNMP) community strings, etc.).
Similar
- Sections
/frameworks/pci-dss-v4.0/02/02/02/frameworks/aws-fsbp-v1.0.0/ec2/02/frameworks/aws-fsbp-v1.0.0/iam/04
- Internal
- ID:
dec-c-7ace62ef
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.2] VPC default security groups should not allow inbound or outbound traffic | 1 | no data | |||
| 💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.4] IAM root user access key should not exist | 1 | 1 | no data | ||
| 💼 PCI DSS v4.0 → 💼 2.2.2 Vendor default accounts are managed. | 9 | no data |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 2.2.2 Vendor default accounts are managed. | 9 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 2.1.1 For wireless environments connected to the cardholder data environment or transmitting cardholder data, change ALL wireless vendor defaults at installation, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. | 2 | no data |
Policies (9)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Account Root User has active access keys🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google API Key is not restricted for unused APIs🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google API Key is not rotated every 90 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪ | 🟢 x2, ⚪ x1 | no data | |
| 🛡️ Google GCE Instance is configured to use the Default Service Account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Node Pool uses default Service account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Project has API Keys🟢 | 1 | 🟠 x1, 🟢 x5 | no data |