πΌ 6.4.2 For public-facing web applications, an automated technical solution is deployed that continually detects and prevents web-based attacks.
-
Contextual name: πΌ 6.4.2 For public-facing web applications, an automated technical solution is deployed that continually detects and prevents web-based attacks.
-
ID:
/frameworks/pci-dss-v4.0.1/06/04/02 -
Located in: πΌ 6.4 Public-facing web applications are protected against attacks.
Descriptionβ
With at least the following:
- Is installed in front of public-facing web applications and is configured to detect and prevent web-based attacks.
- Actively running and up to date as applicable.
- Generating audit logs.
- Configured to either block web-based attacks or generate an alert that is immediately investigated.
Similarβ
- Sections
/frameworks/pci-dss-v4.0/06/04/02/frameworks/aws-fsbp-v1.0.0/cloudfront/06
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ AWS Foundational Security Best Practices v1.0.0 β πΌ [CloudFront.6] CloudFront distributions should have WAF enabled | ||||
| πΌ PCI DSS v4.0 β πΌ 6.4.2 For public-facing web applications, an automated technical solution is deployed that continually detects and prevents web-based attacks. | 9 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ PCI DSS v4.0 β πΌ 6.4.2 For public-facing web applications, an automated technical solution is deployed that continually detects and prevents web-based attacks. | 9 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (9)β
| Policy | Logic Count | Flags |
|---|---|---|
| π Google HTTP(S) Load Balancer Logging is not enabled π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist π’ | 1 | π’ x6 |
| π Google Logging Log Sink for All Log Entries is not configured π’ | 1 | π’ x6 |