💼 3.4.1 If disk encryption is used, logical access must be managed separately and independently of native operating system authentication and access control mechanisms.
- Contextual name: 💼 3.4.1 If disk encryption is used, logical access must be managed separately and independently of native operating system authentication and access control mechanisms.
- ID: /frameworks/pci-dss-v3.2.1/03/04/01
- Located in: 💼 3.4 Render PAN unreadable anywhere it is stored.
Description
Decryption keys must not be associated with user accounts.
This requirement applies in addition to all other PCI DSS encryption and key-management requirements.
Similar
- Sections
/frameworks/pci-dss-v4.0/03/05/01/03
- Internal
- ID: dec-c-fe88d76c
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 3.5.1.3 If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable. | 7 |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v4.0 → 💼 3.5.1.3 If disk-level or partition-level encryption is used (rather than file-, column-, or field-level database encryption) to render PAN unreadable. | 7 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Policies (7)
Policy | Logic Count | Flags |
---|---|---|
AWS Account EBS Volume Encryption Attribute is not enabled in all regions 🟢 | 1 | 🟢 x6 |
AWS EFS File System encryption is not enabled 🟢 | 1 | 🟢 x6 |
AWS RDS Instance Encryption is not enabled 🟢 | 1 | 🟢 x6 |
Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢 | 1 | 🟢 x6 |
Azure Storage Account With Critical Data is not encrypted with customer managed key 🟢 | | 🟢 x3 |
Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟢 | 1 | 🟢 x6 |
Unattached Azure Managed Disk is not encrypted with Customer-managed key 🟢 | 1 | 🟢 x6 |
Internal Rules
Rule | Policies | Flags |
---|---|---|
dec-x-0bdcd276 | 1 | |
dec-x-5c3c2067 | 1 | |
dec-x-6ba5ecd2 | 1 | |
dec-x-9cdb7407 | 1 | |
dec-x-966d3183 | 1 | |
dec-x-aef11ebd | 1 | |
dec-x-f63fd4f0 | 1 | |