💼 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.

• Contextual name: 💼 4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.

• ID: /frameworks/pci-dss-v3.2.1/04/01

• Located in: 💼 4 Encrypt transmission of cardholder data across open, public networks.

Description

Including the following:

• Only trusted keys and certificates are accepted.
• The protocol in use only supports secure versions or configurations.
• The encryption strength is appropriate for the encryption methodology in use.

Examples of open, public networks include but are not limited to:

• The Internet
• Wireless technologies, including 802.11 and Bluetooth
• Cellular technologies, for example, Global System for Mobile communications (GSM), Code division multiple access (CDMA)
• General Packet Radio Service (GPRS)
• Satellite communications

Similar

• Sections
  • /frameworks/pci-dss-v4.0/04/02/01
  • /frameworks/aws-fsbp-v1.0.0/elb/01
  • /frameworks/aws-fsbp-v1.0.0/s3/05
• Internal
  • ID: dec-c-eaf8f1ac

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.5] S3 general purpose buckets should require requests to use SSL		1	1
💼 PCI DSS v4.0 → 💼 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.	2	9	21

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 4.2.1 Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks.	2	9	21

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 4.1.1 Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment, use industry best practices to implement strong encryption for authentication and transmission.			1

Policies (21)

Policy	Logic Count	Flags
📝 AWS ACM Certificate expires in the next 7 days 🟢	1	🟢 x6
📝 AWS ACM RSA Certificate key length is less than 2048 bits 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses Dedicated IP for SSL 🟢	1	🟢 x6
📝 AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins 🟢	1	🟢 x6
📝 AWS DMS Endpoint doesn't use SSL 🟢	1	🟢 x6
📝 AWS IAM Server Certificate is expired 🟢	1	🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 AWS S3 Bucket Policy is not set to deny HTTP requests 🟢	1	🟢 x6
📝 Azure App Service FTP deployments are not disabled 🟢	1	🟢 x6
📝 Azure App Service HTTPS Only configuration is not enabled 🟢	1	🟢 x6
📝 Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server Infrastructure Double Encryption is not enabled 🟢	1	🟢 x6
📝 Azure Storage Account Secure Transfer Required is not enabled 🟢	1	🟢 x6
📝 Azure Unattached Managed Disk is not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Azure Virtual Machine OS and Data disks are not encrypted with Customer-managed key 🟢	1	🟢 x6
📝 Google GCE Instance Block Project-Wide SSH Keys is not enabled 🟢	1	🟢 x6
📝 Google HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites 🟢		🟢 x3

Internal Rules

Rule	Policies	Flags
✉️ dec-x-14f5fc25	1
✉️ dec-x-75db76ad	1
✉️ dec-x-791dab13	1
✉️ dec-x-4002ecfe	1
✉️ dec-x-995424b7	2
✉️ dec-x-c0a7793e	1
✉️ dec-x-d5fbfc40	1
✉️ dec-x-d95ea48b	1