💼 2.2.1 Configuration standards are developed, implemented, and maintained.

• Contextual name: 💼 2.2.1 Configuration standards are developed, implemented, and maintained.

• ID: /frameworks/pci-dss-v4.0/02/02/01

• Located in: 💼 2.2 System components are configured and managed securely.

Description

To the following:

• Cover all system components.
• Address all known security vulnerabilities.
• Be consistent with industry-accepted system hardening standards or vendor hardening recommendations.
• Be updated as new vulnerability issues are identified, as defined in Requirement 6.3.1.
• Be applied when new systems are configured and verified as in place before or immediately after a system component is connected to a production environment.

Similar

• Sections
  • /frameworks/pci-dss-v3.2.1/02/02
  • /frameworks/pci-dss-v4.0.1/02/02/01
• Internal
  • ID: dec-c-db6b45bb

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.	5	3	30
💼 PCI DSS v4.0.1 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained.			11

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.	5	3	30
💼 PCI DSS v4.0.1 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained.			11

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (11)

Policy	Logic Count	Flags
📝 AWS Account Root User has active access keys 🟢	1	🟢 x6
📝 AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC is not enabled 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟢	1	🟢 x6
📝 Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟢	1	🟢 x6
📝 Google Cloud MySQL Instance Local_infile Database Flag is not set to off 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢	1	🟢 x6
📝 Google Project has a default network 🟢	1	🟢 x6
📝 Google Project has a legacy network 🟢	1	🟢 x6