If your organization accepts or processes payment cards and is in the cloud, you must be in compliance with PCI Data Security Standards (PCI). PCI is categorized into 6 high-level goals mapped to 12 requirements based on security best practices that
The following 4 goals and 7 requirements are the most relevant for organizations in the cloud.
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Fugue utilizes baselines to auto-remediate and correct compliance violations via self-healing. With baseline enforcement, misconfiguration is automatically corrected back to the PCI-compliant baseline without writing automation scripts.