Skip to main content

💼 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need.

  • ID: /frameworks/pci-dss-v4.0/01/02/05

Description

Empty...

Similar

  • Sections
    • /frameworks/pci-dss-v3.2.1/01/01/06
    • /frameworks/pci-dss-v4.0.1/01/02/05
  • Internal
    • ID: dec-c-66dcb8df

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v3.2.1 → 💼 1.1.6 Documentation of business justification and approval for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.127no data
💼 PCI DSS v4.0.1 → 💼 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need.27no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v3.2.1 → 💼 1.1.6 Documentation of business justification and approval for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.127no data
💼 PCI DSS v4.0.1 → 💼 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need.27no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (27)

PolicyLogic CountFlagsCompliance
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted DNS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted FTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted ICMP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted NetBIOS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted RPC traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted SMTP traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MSSQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MySQL🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to PostgreSQL🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to HTTP(S) ports🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance external scripts enabled Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance remote access Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data
🛡️ Google GCE Instance Enable Connecting to Serial Ports is not disabled🟢1🟢 x6no data
🛡️ Google Project has a default network🟢1🟢 x6no data
🛡️ Google Project has a legacy network🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-3e379c671
✉️ dec-x-6eab9b881
✉️ dec-x-11c3009f1
✉️ dec-x-14bf01f31
✉️ dec-x-42a090841
✉️ dec-x-293ab45b1
✉️ dec-x-66358b451
✉️ dec-x-637372481
✉️ dec-x-bcae85fb2
✉️ dec-x-ca1c0c0d1
✉️ dec-x-f4cc003a1
✉️ dec-x-f12d78aa1
✉️ dec-z-c82c9f971
✉️ dec-z-dbeeed9f1
✉️ dec-z-f778950c1