Skip to main content

💼 2.2.1 Configuration standards are developed, implemented, and maintained.

  • ID: /frameworks/pci-dss-v4.0/02/02/01

Description

To the following:

  • Cover all system components.
  • Address all known security vulnerabilities.
  • Be consistent with industry-accepted system hardening standards or vendor hardening recommendations.
  • Be updated as new vulnerability issues are identified, as defined in Requirement 6.3.1.
  • Be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment.

Similar

  • Sections
    • /frameworks/pci-dss-v3.2.1/02/02
    • /frameworks/pci-dss-v4.0.1/02/02/01
  • Internal
    • ID: dec-c-db6b45bb

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v3.2.1 → 💼 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.5332no data
💼 PCI DSS v4.0.1 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained.13no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v3.2.1 → 💼 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.5332no data
💼 PCI DSS v4.0.1 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained.13no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (13)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account Root User has active access keys🟢1🟢 x6no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud MySQL Instance Local_infile Database Flag is not set to off🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data
🛡️ Google GKE Cluster Node Pool Auto-Repair is disabled🟢1🟢 x6no data
🛡️ Google GKE Cluster Node Pool Auto-Upgrade is disabled🟢1🟢 x6no data
🛡️ Google Project has a default network🟢1🟢 x6no data
🛡️ Google Project has a legacy network🟢1🟢 x6no data