CMP-2455: PCI-DSS v4 Requirement 3#11951
Conversation
These controls are documentation and process specific and there isn't a way to enforce them using the Compliance Operator. Mark them as not applicable.
OpenShift doesn't directly handle any account data.
OpenShift doesn't directly handle Sensitive Account Data.
OpenShift doesn't directly manage PAN.
This requiremetn is about rendering stored PAN unreadable. While OpenShift doesn't have direct access to the PAN to mask it, OCP can configure encrypted volumes where the payment application can store PAN.
The criptographic keys managed by OpenShift are securely stored by default.
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
rhmdnd
left a comment
There was a problem hiding this comment.
Looks good - I only have some really minor suggestions inline.
|
Code Climate has analyzed commit 0983a3d and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
|
@rhmdnd Thank you for the review. The remarks have been addressed. |
|
/lgtm |
|
/packit retest-failed |
Description:
3.1,3.2,3.3,3.4,3.7are not applicable to OCP.3.5is partially applicable, due to Requirement3.5.1.3.6is inherently met.