Cards slider in the regulatory compliance sections (#1708)

Adri Valle 2019-08-22 13:05:55 +02:00 committed by Jesús Ángel
parent 4de8c20fb7
commit d6382c326f
16 changed files with 256 additions and 165 deletions


@ -572,25 +572,21 @@ export class AgentsController {
this.$scope.showScaScan = false;
if (tab === 'pci') {
const pciTabs = await this.commonData.getPCI();
this.$scope.pciTabs = pciTabs;
this.$scope.selectedPciIndex = 0;
this.$scope.pciReqs = {items: pciTabs, reqTitle: 'PCI DSS Requirement'}
}
if (tab === 'gdpr') {
const gdprTabs = await this.commonData.getGDPR();
this.$scope.gdprTabs = gdprTabs;
this.$scope.selectedGdprIndex = 0;
this.$scope.gdprReqs = {items: gdprTabs, reqTitle: 'GDPR Requirement'};
}
if (tab === 'hipaa') {
const hipaaTabs = await this.commonData.getHIPAA();
this.$scope.hipaaTabs = hipaaTabs;
this.$scope.selectedHipaaIndex = 0;
this.$scope.hipaaReqs = {items: hipaaTabs, reqTitle: 'HIPAA Requirement'};
}
if (tab === 'nist') {
const nistTabs = await this.commonData.getNIST();
this.$scope.nistTabs = nistTabs;
this.$scope.selectedNistIndex = 0;
this.$scope.nistReqs = {items: nistTabs, reqTitle: 'NIST 800-53 Requirement'};
}
if (tab === 'sca') {
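Review bot: The four `if (tab === ...)` branches differ only in the getter and the title string, and the same block is repeated in the OverviewController hunk, so the two controllers can drift apart on titles. A small lookup would keep them in step, e.g. `const reqs = { pci: ['getPCI', 'PCI DSS Requirement'], gdpr: ['getGDPR', 'GDPR Requirement'], /* hipaa, nist */ };` followed by `const [getter, reqTitle] = reqs[tab] || [];`. The `pciReqs` assignment is also missing the trailing semicolon that the other three have. The enclosing method starts and ends outside the hunk.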


@ -0,0 +1,154 @@
import React, { Component } from 'react';
import PropTypes from 'prop-types';
import { EuiButtonEmpty, EuiButtonIcon, EuiCard, EuiFlexItem, EuiFlexGroup } from '@elastic/eui';
export class RequirementCard extends Component {
constructor(props) {
super(props);
this.state = {
position: 0,
slider: [],
sliderLength: 0
};
this.chunkSize = 4;
this.chartNum = 250;
this.expanded = false;
}
buildSlider() {
const items = this.props.items.map((req, index) => {
const title = `${this.props.reqTitle}: ${req.title}`;
const expandMessage = this.expanded ? 'Show less' : 'More info'
const cardFooterContent = (
<EuiButtonEmpty
iconType="iInCircle"
size="xs"
className="footer-req wz-margin--10"
onClick={() => this.expand()}>
{expandMessage}
</EuiButtonEmpty>
);
if (req.content.length >= this.chartNum) {
const content = this.expanded ? req.content : `${req.content.substring(0, this.chartNum - 5)}...`
return (
<EuiFlexItem key={index}>
<EuiCard
title={title}
description={content}
textAlign="left"
className="wz-padding-bt-5 reqCard"
footer={cardFooterContent}
/>
</EuiFlexItem>
);
} else {
return (
<EuiFlexItem key={index}>
<EuiCard
title={title}
description={req.content}
textAlign="left"
className="wz-padding-bt-5 reqCard"
/>
</EuiFlexItem>
)
}
});
const slider = this.chunk(items, this.chunkSize);
const lastArr = slider.length - 1;
const last = slider[lastArr];
const rest = this.chunkSize - last.length;
if (last.length < this.chunkSize) {
for (let i = 0; i < rest; i++) {
slider[lastArr].push(
<EuiFlexItem key={`hidden${i}`}>
<EuiCard
title='Title'
className='hiddenCard'
description='Description'
textAlign='left'
/>
</EuiFlexItem>
)
}
}
this.setState({ slider: slider, sliderLength: slider.length });
}
/**
* Expands the card to show all info
*/
expand() {
this.expanded = !this.expanded;
this.buildSlider()
}
/**
* Slides to the right the slider
*/
slideRight() {
const newPos = this.state.position + 1;
this.setState({ position: newPos });
}
/**
* Slides to the left the slider
*/
slideLeft() {
const newPos = this.state.position - 1;
this.setState({ position: newPos });
}
/**
* Split an array into smallers array
* @param {Array} array
* @param {Number} size
*/
chunk = (array, size) => {
const chunked = [];
for (const item of array) {
const last = chunked[chunked.length - 1];
if (!last || last.length === size) {
chunked.push([item]);
} else {
last.push(item);
}
}
return chunked;
}
render() {
if (!this.state.slider.length) this.buildSlider();
const cards = this.state.slider[this.state.position];
return (
<div>
<EuiFlexGroup gutterSize="l">
{(this.state.sliderLength > 1 && this.state.position > 0) && (
<EuiButtonIcon
className="wz-margin-left-10"
iconType="arrowLeft"
aria-label="Previous"
onClick={() => this.slideLeft()}
/>
)}
{cards}
{(this.state.sliderLength > 1 && this.state.position < this.state.sliderLength - 1) && (
<EuiButtonIcon
className="wz-margin-right-10"
iconType="arrowRight"
aria-label="Next"
onClick={() => this.slideRight()}
/>
)}
</EuiFlexGroup>
</div >
);
}
}
RequirementCard.propTypes = {
items: PropTypes.array,
reqTitle: PropTypes.string
};
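Review bot: `render()` calls `this.buildSlider()`, which ends in `this.setState(...)`, so state is updated during render; React warns against this. The initial build belongs in a lifecycle hook, e.g. `componentDidMount() { this.buildSlider(); }`. With an empty `items` array `chunk()` returns `[]`, so `last` is `undefined` and `last.length` throws; a guard such as `if (!slider.length) return;` before reading `last` avoids that. `items` is not marked `isRequired`, so `this.props.items.map` has the same problem when the prop is missing. `this.expanded` is a single flag on the component, so "More info" on one card expands every long card at once; say so in the `expand()` comment if that is intended.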


@ -14,6 +14,7 @@ import { OverviewController } from './overview';
import { WelcomeScreen } from './components/welcome';
import { Stats } from './components/stats';
import { AlertsStats } from './components/alerts-stats';
import { RequirementCard } from './components/requirement-card';
const app = uiModules.get('app/wazuh', ['react']);
@ -21,4 +22,5 @@ app
.controller('overviewController', OverviewController)
.value('WelcomeScreenOverview', WelcomeScreen)
.value('StatsOverview', Stats)
.value('AlertsStats', AlertsStats);
.value('AlertsStats', AlertsStats)
.value('RequirementCard', RequirementCard);


@ -274,26 +274,22 @@ export class OverviewController {
if (newTab === 'pci') {
const pciTabs = await this.commonData.getPCI();
this.pciTabs = pciTabs;
this.selectedPciIndex = 0;
this.pciReqs = {items: pciTabs, reqTitle: 'PCI DSS Requirement'};
}
if (newTab === 'gdpr') {
const gdprTabs = await this.commonData.getGDPR();
this.gdprTabs = gdprTabs;
this.selectedGdprIndex = 0;
this.gdprReqs = {items: gdprTabs, reqTitle: 'GDPR Requirement'};
}
if (newTab === 'hipaa') {
const hipaaTabs = await this.commonData.getHIPAA();
this.hipaaTabs = hipaaTabs;
this.selectedHipaaIndex = 0;
this.hipaaReqs = {items: hipaaTabs, reqTitle: 'HIPAA Requirement'};
}
if (newTab === 'nist') {
const nistTabs = await this.commonData.getNIST();
this.nistTabs = nistTabs;
this.selectedNistIndex = 0;
this.nistReqs = {items: nistTabs, reqTitle: 'NIST 800-53 Requirement'};
}
if (newTab !== 'welcome') this.tabHistory.push(newTab);


@ -1087,13 +1087,59 @@ md-toolbar.md-default-theme:not(.md-menu-toolbar), md-toolbar:not(.md-menu-toolb
height: 150px;
}
.wz-margin-10 {
margin: 10px;
}
.wz-margin-left-10 {
margin-left: 10px;
}
.wz-margin-right-10 {
margin-right: 10px;
}
.hiddenCard {
opacity: 0;
cursor: default !important;
}
.footer-req {
margin-top: -15px !important;
font-size: 12px !important;
cursor: pointer !important;
}
.wz-padding-bt-5 {
padding-bottom: 5px !important;
}
.wz-margin--10 {
margin-left: -10px;
}
.header-global-wrapper + .app-wrapper:not(.hidden-chrome) {
top: 48px!important;
left: 48px!important;
}
.application>div{
padding-top: 50px;
}
.reqCard {
cursor: default !important;
}
.reqCard:hover, .reqCard:focus {
transform: translateY(0px) !important;
box-shadow: 0 2px 2px -1px rgba(152, 162, 179, 0.3), 0 1px 5px -2px rgba(152, 162, 179, 0.3) !important;
}
.reqCard:hover .euiCard__title, .reqCard:focus .euiCard__title {
text-decoration: none !important;
}
@media only screen and (max-width: 767px){
.header-global-wrapper + .app-wrapper:not(.hidden-chrome) {
left: 0!important;
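Review bot: `.hiddenCard` hides the placeholder cards with `opacity: 0` only, so the filler cards that RequirementCard appends to the last page (title 'Title', description 'Description') probably stay exposed to assistive technology and to text selection. `visibility: hidden;` keeps the layout slot while taking the element out of the accessibility tree. The `@media` rule at the end of this section continues outside the hunk.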


@ -3,21 +3,8 @@
<!-- View: Panels -->
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedGdprIndex" class="wz-md-tab" md-border-bottom md-dynamic-height
id="gdprReq_tab">
<md-tab ng-repeat="tab in gdprTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">GDPR Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="gdprReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="gdprReqs"/>
</div>
<div layout="row" layout-align="center stretch" class="height-300">
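Review bot: `<react-component name='RequirementCard' props="gdprReqs"/>` uses self-closing syntax on a custom element, but the HTML parser ignores the slash on non-void elements and leaves the element open until the parent's `</div>`. It works here only because the element is the last child of its wrapper. Writing `<react-component name='RequirementCard' props="gdprReqs"></react-component>` avoids a surprise if a sibling is added later. The same form is used in the other seven requirement templates in this commit.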


@ -2,23 +2,10 @@
layout-align="start">
<!-- View: Panels -->
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedHipaaIndex" class="wz-md-tab" md-border-bottom md-dynamic-height id="hipaaReq_tab">
<md-tab ng-repeat="tab in hipaaTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">HIPAA Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="hipaaReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="hipaaReqs"/>
</div>
<div layout="row" layout-align="center stretch" class="height-300">
<md-card flex class="wz-md-card" ng-class="{'fullscreen': expandArray[0]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(0)">


@ -1,22 +1,10 @@
<md-content flex layout="column" ng-if="tab === 'nist' && tabView === 'panels'" ng-class="{'no-opacity': resultState !== 'ready' || !rendered}"
layout-align="start">
<md-content flex layout="column" ng-if="tab === 'nist' && tabView === 'panels'"
ng-class="{'no-opacity': resultState !== 'ready' || !rendered}" layout-align="start">
<!-- View: Panels -->
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedNistIndex" class="wz-md-tab" md-border-bottom md-dynamic-height id="nistReq_tab">
<md-tab ng-repeat="tab in nistTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">NIST-800-53 Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="nistReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="nistReqs" />
</div>
<div layout="row" layout-align="center stretch" class="height-300">
@ -81,7 +69,8 @@
</span>
</md-card-actions>
<md-card-content class="wazuh-column">
<kbn-vis id="Wazuh-App-Agents-NIST-Rule-level-distribution" vis-id="'Wazuh-App-Agents-NIST-Rule-level-distribution'"></kbn-vis>
<kbn-vis id="Wazuh-App-Agents-NIST-Rule-level-distribution"
vis-id="'Wazuh-App-Agents-NIST-Rule-level-distribution'"></kbn-vis>
</md-card-content>
</md-card>
</div>


@ -1,26 +1,14 @@
<md-content flex layout="column" ng-if="tab === 'pci' && tabView === 'panels'" ng-class="{'no-opacity': resultState !== 'ready' || !rendered}"
layout-align="start">
<md-content flex layout="column" ng-if="tab === 'pci' && tabView === 'panels'"
ng-class="{'no-opacity': resultState !== 'ready' || !rendered}" layout-align="start">
<!-- View: Panels -->
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedPciIndex" class="wz-md-tab" md-border-bottom md-dynamic-height id="pciReq_tab">
<md-tab ng-repeat="tab in pciTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">PCI DSS Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="pciReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="pciReqs" />
</div>
<div layout="row" layout-align="center stretch" class="height-300">
<md-card flex class="wz-md-card" ng-class="{'fullscreen': expandArray[0]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis"
ng-dblclick="expand(0)">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(0)">
<span class="wz-headline-title">Top 5 rule groups</span>
<span flex></span>
<span class="cursor-pointer" ng-click="expand(0)">
@ -32,8 +20,7 @@
</md-card-content>
</md-card>
<md-card flex class="wz-md-card" ng-class="{'fullscreen': expandArray[1]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis"
ng-dblclick="expand(1)">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(1)">
<span class="wz-headline-title">Top 5 rules</span>
<span flex></span>
<span class="cursor-pointer" ng-click="expand(1)">
@ -45,8 +32,7 @@
</md-card-content>
</md-card>
<md-card flex class="wz-md-card" ng-class="{'fullscreen': expandArray[2]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis"
ng-dblclick="expand(2)">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(2)">
<span class="wz-headline-title">Top 5 PCI DSS requirements</span>
<span flex></span>
<span class="cursor-pointer" ng-click="expand(2)">
@ -61,8 +47,7 @@
<div layout="row" layout-align="center stretch" class="height-300">
<md-card flex="70" class="wz-md-card" ng-class="{'fullscreen': expandArray[3]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis"
ng-dblclick="expand(3)">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(3)">
<span class="wz-headline-title">PCI Requirements</span>
<span flex></span>
<span class="cursor-pointer" ng-click="expand(3)">
@ -74,8 +59,7 @@
</md-card-content>
</md-card>
<md-card flex class="wz-md-card" ng-class="{'fullscreen': expandArray[4]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis"
ng-dblclick="expand(4)">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(4)">
<span class="wz-headline-title">Rule level distribution</span>
<span flex></span>
<span class="cursor-pointer" ng-click="expand(4)">
@ -83,15 +67,15 @@
</span>
</md-card-actions>
<md-card-content class="wazuh-column">
<kbn-vis id="Wazuh-App-Agents-PCI-Rule-level-distribution" vis-id="'Wazuh-App-Agents-PCI-Rule-level-distribution'"></kbn-vis>
<kbn-vis id="Wazuh-App-Agents-PCI-Rule-level-distribution"
vis-id="'Wazuh-App-Agents-PCI-Rule-level-distribution'"></kbn-vis>
</md-card-content>
</md-card>
</div>
<div layout="row" layout-align="center stretch" class="height-570">
<md-card class="wz-md-card" flex ng-class="{'fullscreen': expandArray[5]}">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis"
ng-dblclick="expand(5)">
<md-card-actions layout="row" layout-align="end center" class="wz-card-actions-vis" ng-dblclick="expand(5)">
<span class="wz-headline-title">Alerts summary</span>
<span flex></span>
<span class="cursor-pointer" ng-click="expand(5)">


@ -1,21 +1,8 @@
<md-content flex layout="column" ng-if="octrl.tab === 'gdpr' && octrl.tabView === 'panels'"
ng-class="{'no-opacity': resultState !== 'ready' || !rendered}" layout-align="start">
<div layout="row" layout-align="center stretch" ng-show="octrl.gdprTabs.length">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedGdprIndex" class="wz-md-tab" md-border-bottom md-dynamic-height
id="gdprReq_tab">
<md-tab ng-repeat="tab in octrl.gdprTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">GDPR Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="octrl.gdprReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="octrl.gdprReqs"/>
</div>
<div layout="row" layout-align="center stretch" class="height-400">


@ -1,20 +1,8 @@
<md-content flex layout="column" ng-if="octrl.tab === 'hipaa' && octrl.tabView === 'panels'" ng-class="{'no-opacity': resultState !== 'ready' || !rendered}"
layout-align="start">
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedPciIndex" class="wz-md-tab" md-border-bottom md-dynamic-height id="hipaaReq_tab">
<md-tab ng-repeat="tab in octrl.hipaaTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">HIPAA Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="octrl.hipaaReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="octrl.hipaaReqs"/>
</div>
<div layout="row" layout-align="center stretch" class="height-400">


@ -1,20 +1,8 @@
<md-content flex layout="column" ng-if="octrl.tab === 'nist' && octrl.tabView === 'panels'" ng-class="{'no-opacity': resultState !== 'ready' || !rendered}"
layout-align="start">
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedPciIndex" class="wz-md-tab" md-border-bottom md-dynamic-height id="nistReq_tab">
<md-tab ng-repeat="tab in octrl.nistTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">NIST 800-53 Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="octrl.nistReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="octrl.nistReqs"/>
</div>
<div layout="row" layout-align="center stretch" class="height-400">


@ -1,21 +1,8 @@
<md-content flex layout="column" ng-if="octrl.tab === 'pci' && octrl.tabView === 'panels'"
ng-class="{'no-opacity': resultState !== 'ready' || !rendered}" layout-align="start">
<div layout="row" layout-align="center stretch">
<md-card flex class="wz-md-card">
<md-tabs md-selected="selectedPciIndex" class="wz-md-tab" md-border-bottom md-dynamic-height
id="pciReq_tab">
<md-tab ng-repeat="tab in octrl.pciTabs" ng-disabled="tab.disabled" label="{{tab.title}}">
<div class="md-padding">
<span class="wz-headline-title">PCI DSS Requirement: {{tab.title}}</span>
<md-divider class="wz-margin-top-10"></md-divider>
<div layout="row" class="wz-padding-top-10 wz-line-height">
<div ng-bind-html="tab.content"></div>
</div>
</div>
</md-tab>
</md-tabs>
</md-card>
<div ng-if="octrl.pciReqs" class="wz-margin-10">
<react-component name='RequirementCard' props="octrl.pciReqs"/>
</div>
<div layout="row" layout-align="center stretch" class="height-400">


@ -11,7 +11,7 @@
*/
export const gdprRequirementsFile = {
'II_5.1.f':
'Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, verifying its modifications, accesses, locations and guarantee the safety of them.<br>File sharing protection and file sharing technologies that meet the requirements of data protection.',
'Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, verifying its modifications, accesses, locations and guarantee the safety of them.File sharing protection and file sharing technologies that meet the requirements of data protection.',
'III_14.2.c': ' Restrict the processing of personal data temporarily.',
III_17: ' Permanently erase personal information of a subject.',
'IV_24.2':
@ -29,5 +29,5 @@ export const gdprRequirementsFile = {
'IV_35.1':
'Perform a data protection impact evaluation for high risk processes. Implement appropriate technical measures to safeguard the rights and freedoms of data subjects, informed by an assessment of the risks to these rights and freedoms.',
'IV_35.7.d':
'Capabilities for identification, blocking and forensic investigation of data breaches by malicious actors, through compromised credentials, unauthorized network access, persistent threats and verification of the correct operation of all components.<br>Network perimeter and endpoint security tools to prevent unauthorized access to the network, prevent the entry of unwanted data types and malicious threats. Anti-malware and anti-ransomware to prevent malware and ransomware threats from entering your devices.<br>A behavioral analysis that uses machine intelligence to identify people who do anomalous things on the network, in order to give early visibility and alert employees who start to become corrupt.'
'Capabilities for identification, blocking and forensic investigation of data breaches by malicious actors, through compromised credentials, unauthorized network access, persistent threats and verification of the correct operation of all components.Network perimeter and endpoint security tools to prevent unauthorized access to the network, prevent the entry of unwanted data types and malicious threats. Anti-malware and anti-ransomware to prevent malware and ransomware threats from entering your devices.A behavioral analysis that uses machine intelligence to identify people who do anomalous things on the network, in order to give early visibility and alert employees who start to become corrupt.'
};
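Review bot: Dropping the `<br>` tags leaves sentences run together in the new strings, e.g. `the safety of them.File sharing protection` in 'II_5.1.f' and `all components.Network perimeter` / `your devices.A behavioral analysis` in 'IV_35.7.d'. RequirementCard passes the string to the card's `description` as text, so each removed `<br>` should become a space (`them. File sharing`). The pciRequirementsFile changes have the same issue after colons and periods (`include:Specific`, `network.Monitor`).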


@ -11,7 +11,7 @@
*/
export const hipaaRequirementsFile = {
'164.312.a.1':
'Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.',
'Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have access.',
'164.312.a.2.I':
'Assign a unique name and/or number for identifying and tracking user identity.',
'164.312.a.2.II':
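Review bot: The new text for '164.312.a.1' ends in `that have access` where the old one read `that have been granted access rights`, and this changes the meaning of the control. The requirement is about authorisation (access that was granted), not about whoever happens to have access. Unless the shortening is deliberate, keep the original ending, `...software programs that have been granted access rights.`, and let the card truncate long text as it does for other entries.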


@ -15,7 +15,7 @@ export const pciRequirementsFile = {
'1.3.4':
'Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.',
'1.4':
'Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE. Firewall (or equivalent) configurations include:<br><ul><li>Specific configuration settings are defined.</li><li>Personal firewall (or equivalent functionality) is actively running.</li><li>Personal firewall (or equivalent functionality) is not alterable by users of the portable computing devices.</li></ul>',
'Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE. Firewall (or equivalent) configurations include:Specific configuration settings are defined. Personal firewall (or equivalent functionality) is actively running. Personal firewall (or equivalent functionality) is not alterable by users of the portable computing devices. ',
'2.2':
'Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry accepted system hardening standards (CIS, ISO, SANS, NIST).',
'2.2.2':
@ -24,15 +24,15 @@ export const pciRequirementsFile = {
'Implement additional security features for any required services, protocols, or daemons that are considered to be insecure',
'2.2.4': 'Configure system security parameters to prevent misuse.',
'4.1':
'Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks, including the following:<br><ul><li>Only trusted keys and certificates are accepted.</li><li>The protocol in use only supports secure versions or configurations.</li><li>The encryption strength is appropriate for the encryption methodology in use</li></ul>',
'Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks, including the following:Only trusted keys and certificates are accepted. The protocol in use only supports secure versions or configurations. The encryption strength is appropriate for the encryption methodology in use. ',
'5.1':
'Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).',
'5.2':
'Ensure that all anti-virus mechanisms are maintained as follows:<br><ul><li>Are kept current</li><li>Perform periodic scans</li><li>Generate audit logs which are retained per PCI DSS Requirement 10.7.</li></ul>',
'Ensure that all anti-virus mechanisms are maintained as follows:Are kept current. Perform periodic scans. Generate audit logs which are retained per PCI DSS Requirement 10.7. ',
'6.2':
'Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.',
'6.5':
'Address common coding vulnerabilities in software development processes as follows:<br><ul><li>Train developers in secure coding techniques, including how to avoid common coding vulnerabilities, and understanding how sensitive data is handled in memory.</li><li>Develop applications based on secure coding guidelines</li></ul>',
'Address common coding vulnerabilities in software development processes as follows:Train developers in secure coding techniques, including how to avoid common coding vulnerabilities, and understanding how sensitive data is handled in memory. Develop applications based on secure coding guidelines. ',
'6.5.1':
'Injection flaws, particularly SQL injection. Also consider OS Command Injection, LDAP and XPath injection flaws as well as other injection flaws.',
'6.5.2': 'Buffer overflows',
@ -42,12 +42,12 @@ export const pciRequirementsFile = {
'Improper access control (such an insecure direct object references, failure to restrict URL access, directory traversal, and failure to restrict user access to functions).',
'6.5.10': 'Broken authentication and session management.',
'6.6':
'For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:<ul><li>Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes</li><li>Installing an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) in front of public-facing web applications, to continually check all traffic.</li></ul>',
'For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes. Installing an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) in front of public-facing web applications, to continually check all traffic. ',
'8.1.2':
'Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.',
'8.1.4': 'Remove/disable inactive user accounts within 90 days.',
'8.1.5':
'Manage IDs used by third parties to access, support, or maintain system components via remote access as follows:<ul><li>Enabled only during the time period needed and disabled when not in use.</li><li>Monitored when in use.</li></ul>',
'Manage IDs used by third parties to access, support, or maintain system components via remote access as follows:Enabled only during the time period needed and disabled when not in use. Monitored when in use. ',
'8.1.6':
'Limit repeated access attempts by locking out the user ID after not more than six attempts.',
'8.1.8':
@ -56,7 +56,7 @@ export const pciRequirementsFile = {
'8.5.1':
'Additional requirement for service providers: Service providers with remote access to customer premises (for example, for support of POS systems or servers) must use a unique authentication credential (such as a password/phrase) for each customer.',
'8.7':
'All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows:<ul><li>All user access to, user queries of, and user actions on databases are through programmatic methods.</li><li>Only database administrators have the ability to directly access or query databases.</li><li>Application IDs for database applications can only be used by the applications (and not by individual users or other non-application processes).</li></ul>',
'All access to any database containing cardholder data (including access by applications, administrators, and all other users) is restricted as follows:All user access to, user queries of, and user actions on databases are through programmatic methods. Only database administrators have the ability to directly access or query databases. Application IDs for database applications can only be used by the applications (and not by individual users or other non-application processes).',
'10.1':
'Implement audit trails to link all access to system components to each individual user.',
'10.2.1': 'All individual user accesses to cardholder data',
@ -75,9 +75,9 @@ export const pciRequirementsFile = {
'10.6':
'Review logs and security events for all system components to identify anomalies or suspicious activity',
'10.6.1':
'Review the following at least daily: <br><ul><li>All security events</li><li>Logs of all system components that store, process, or transmit CHD and/or SAD, or that could</li>impact the security of CHD and/or SAD</li><li>Logs of all critical system components</li><li>Logs of all servers and system components that perform security functions (for example, firewalls, intrusion detection systems/intrusion prevention systems (IDS/IPS), authentication servers, ecommerce redirection servers, etc.)</li></ul>',
'Review the following at least daily: All security events. Logs of all system components that store, process, or transmit CHD and/or SAD, or that could. impact the security of CHD and/or SAD. Logs of all critical system components. Logs of all servers and system components that perform security functions (for example, firewalls, intrusion detection systems/intrusion prevention systems (IDS/IPS), authentication servers, ecommerce redirection servers, etc.). ',
'11.4':
'Use intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network.<br>Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, baselines, and signatures up to date.',
'Use intrusion detection and/or intrusion prevention techniques to detect and/or prevent intrusions into the network.Monitor all traffic at the perimeter of the cardholder data environment as well as at critical points in the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, baselines, and signatures up to date.',
'11.5':
'Deploy a change detection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.'
};
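Review bot: In '10.6.1' the list-to-sentence conversion left a stray period in the middle of an item: `that could. impact the security of CHD and/or SAD.` should read `that could impact the security of CHD and/or SAD.` (the old markup had a misplaced `</li>` at that point). Several converted strings also end with a trailing space after the final period ('1.4', '4.1', '5.2', '6.5', '6.6', '8.1.5', '10.6.1'), which can be trimmed.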