Question 1

Is attach_policy enforced for PCI DSS v4.0?

Accepted Answer

Yes, This control checks whether the S3 bucket policy prevents principals from other AWS accounts from performing denied actions on resources in the S3 bucket.

Question 2

Is block_public_acls enforced for PCI DSS v4.0?

Accepted Answer

Yes, Manage access to resources in the AWS Cloud by ensuring that AWS Simple Storage Service (AWS S3) buckets cannot be publicly accessed.

Question 3

Is block_public_policy enforced for PCI DSS v4.0?

Accepted Answer

Yes, Manage access to resources in the AWS Cloud by ensuring that AWS Simple Storage Service (AWS S3) buckets cannot be publicly accessed.

Question 4

Is ignore_public_acls enforced for PCI DSS v4.0?

Accepted Answer

Yes, Manage access to resources in the AWS Cloud by ensuring that AWS Simple Storage Service (AWS S3) buckets cannot be publicly accessed.

Question 5

Is lifecycle_rule enforced for PCI DSS v4.0?

Accepted Answer

Yes, This control checks if AWS Simple Storage Service (AWS S3) version enabled buckets have lifecycle policy configured. This rule fails if AWS S3 lifecycle policy is not enabled.

Question 6

Is logging enforced for PCI DSS v4.0?

Accepted Answer

Yes, AWS Simple Storage Service (AWS S3) server access logging provides a method to monitor the network for potential cybersecurity events.

Question 7

Is object_lock_enabled enforced for PCI DSS v4.0?

Accepted Answer

Yes, Ensure that your AWS Simple Storage Service (AWS S3) bucket has lock enabled, by default.

Question 8

Is object_ownership enforced for PCI DSS v4.0?

Accepted Answer

Yes, This control checks whether AWS S3 buckets provide user permissions via ACLs. The control fails if ACLs are configured for managing user access on S3 buckets.

Question 9

Is replication_configuration enforced for PCI DSS v4.0?

Accepted Answer

Yes, AWS Simple Storage Service (AWS S3) Cross-Region Replication (CRR) supports maintaining adequate capacity and availability.

Question 10

Is restrict_public_buckets enforced for PCI DSS v4.0?

Accepted Answer

Yes, Manage access to resources in the AWS Cloud by ensuring that AWS Simple Storage Service (AWS S3) buckets cannot be publicly accessed.

Question 11

Is server_side_encryption_configuration enforced for PCI DSS v4.0?

Accepted Answer

Yes, To help protect data at rest, ensure encryption is enabled for your AWS Simple Storage Service (AWS S3) buckets.

Question 12

Is versioning enforced for PCI DSS v4.0?

Accepted Answer

Yes, Once MFA Delete is enabled on your sensitive and classified S3 bucket it requires the user to have two forms of authentication.

AWS S3 bucket Terraform module

Terraform Module Source