
    Google Cloud Adds New PCI DSS Policy Bundle

    Google recently added a Payment Card Industry Data Security Standard (PCI DSS) policy bundle to Anthos Config Management (ACM). With version 3.2.1, security administrators can now understand their compliance with PCI DSS requirements using the Policy Controller dashboard.

    Poonam Ramba, product manager, and Andrew Peabody, Technical Solutions Consultant at Google Cloud, wrote a blog post describing policy bundles and Policy Controller. A policy bundle is a collection of preconfigured constraints developed and maintained by Google. With Policy Controller, customizable policies can be applied to clusters and enforced effectively.

    The PCI DSS bundle includes the PCI DSS control number associated with each constraint, which can be cross-referenced against the PCI DSS standard to track compliance. The policies contained in the bundle focus on areas such as secure networks, systems, applications, and robust access control and monitoring. As an example, in the context of robust access control and monitoring, to ensure uniform and accurate time across nodes, the bundle requires Container-Optimized OS as the OS image.

    To audit and share policy violations on the cluster, security administrators can use the Policy Controller dashboard. It provides a UI with policy usage metrics and the ability to configure log-based alerts.

    Source: Harden Kubernetes clusters and monitor workload compliance with PCI DSS policy bundles, Google Cloud Blog

    To install the PCI DSS v3.2.1 bundle, the target environment must have an Anthos cluster with Policy Controller v1.14.0 or higher. For additional guidelines on installing policy bundles, see this blog post.

    Whenever there is a policy violation, it is automatically logged in Cloud Logging, and security admins can use the following filter in Logs Explorer:

    
    resource.type="k8s_container"
    resource.labels.namespace_name="gatekeeper-system"
    resource.labels.pod_name:"gatekeeper-audit-"
    jsonPayload.process: "audit"
    jsonPayload.event_type: "violation_audited"
    jsonPayload.constraint_name:*
    jsonPayload.constraint_namespace:*
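
    The same filter can be applied offline to exported log entries, for example to count audited violations per constraint. The Python below is an added example, not code from the Google Cloud blog post or from Policy Controller; it approximates the filter's operators, and the sample entries, pod names and constraint names are constructed.

```python
import json
from collections import Counter

# The page's filter as (path, operator, value). Approximation: "=" is equality,
# ":" is a substring match, ":*" only requires the field to be present.
FILTER = [
    ("resource.type", "=", "k8s_container"),
    ("resource.labels.namespace_name", "=", "gatekeeper-system"),
    ("resource.labels.pod_name", ":", "gatekeeper-audit-"),
    ("jsonPayload.process", ":", "audit"),
    ("jsonPayload.event_type", ":", "violation_audited"),
    ("jsonPayload.constraint_name", ":*", None),
    ("jsonPayload.constraint_namespace", ":*", None),
]

def lookup(entry, path):  # follow a dotted path; None if any part is missing
    for key in path.split("."):
        if not isinstance(entry, dict) or key not in entry:
            return None
        entry = entry[key]
    return entry

def matches(entry):  # True only if every clause of FILTER holds for the entry
    for path, op, want in FILTER:
        got = lookup(entry, path)
        if got is None or (op == "=" and str(got).lower() != want) \
                or (op == ":" and want not in str(got).lower()):
            return False
    return True

def violations_by_constraint(lines):  # lines: JSON-lines export of log entries
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if matches(entry):
            counts[str(entry["jsonPayload"]["constraint_name"])] += 1
    return counts

def sample(pod, **payload):  # one constructed log entry (not real log data)
    labels = {"namespace_name": "gatekeeper-system", "pod_name": pod}
    return json.dumps({"resource": {"type": "k8s_container", "labels": labels},
                       "jsonPayload": payload})

V = {"process": "audit", "event_type": "violation_audited", "constraint_namespace": ""}
SAMPLE = [sample("gatekeeper-audit-x1", constraint_name=c, **V) for c in ("c-a", "c-a", "c-b")] + [
    sample("other-pod-x2", constraint_name="c-a", **V),  # wrong pod: excluded
    sample("gatekeeper-audit-x1", **V),                  # no constraint_name: excluded
    '{"resource": {"ty']                                 # truncated line: skipped
```

    Calling violations_by_constraint(SAMPLE) returns a count per constraint name, which gives a quick view of which constraints account for most violations.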

    PCI DSS introduced several new controls in its latest version, 4.0, which organizations should implement immediately to strengthen the security of payment systems.

    Meanwhile, to meet PCI's most stringent security, audit compliance, low latency, and high performance requirements, Microsoft recently introduced Azure Payment Hardware Security Modules (HSMs). The Azure cloud service is currently available in the East US and North Europe regions.

    In addition to applying policy bundles and custom policies to Kubernetes clusters, Policy Controller can also be used to analyze cluster configurations prior to deployment. Interested users can get started with Policy Controller here or check out best practices for policy bundles here.
