Cloud - Security Controls
Spoofing
Tampering
Denial of Service
Elevation of Privilege
Spoofing
Tampering
2 | Payment Compatibility layer, CBTS existing applications (MAUI, OREx2.0, Order Service, Classic Payment Interface, Transit Service) | 1. Interface Between Payment Compatibility layer to CBTS Environment applications (MAUI, OREx2.0, Order Service, Classic Payment Interface, Transit Service)
Repudiation
Denial of Service
Elevation of Privilege
Tampering
Repudiation
Elevation of Privilege
Tampering
Elevation of Privilege
4 | PubSub and Data API | 1. Payment Microservice to Utilities (Data API, Pub Sub)
Information Disclosure
Spoofing
Information Disclosure
Information Disclosure
6 | Data Lake Listener | 1. Pub Sub to Data Lake Listener; 2. Data Lake Listener to Payment Transaction data reporting
Tampering
| Required Security Controls | Severity |
|---|---|
| Network access control required, such as firewall, WAF, IDS/IPS, as connecting to external system | High |
| Required service-to-service authentication and authorization for API call between CenPos/CyberSource connectors to CyberSource TMS | High |
| SAST code testing and closure of any vulnerabilities (Ankit to report if any critical vulnerabilities) | High |
| Required logging and auditing control by ensuring all logs are captured at CenPos and CyberSource connector | High |
| Required service-to-service authentication and authorization for API call between CenPos/CyberSource connectors to CyberSource TMS | High |
| HMAC hashing for payment data transaction as additional controls | High |
| High availability design of CenPos and CyberSource connector | High |
| Network access control and role-based access with least privilege principles | High |
| SAST code testing and closure of any vulnerabilities | High |
| Input data validation at CenPos and CyberSource connector side | High |
| Hardening of cloud infrastructure | High |
| Connection between CBTS environment to AWS should be private VPN or IPSec tunnel with WAF | High |
| Authentication and authorization required between AWS and CBTS services call | Medium |
| Required all new AWS microservices SAST code testing and closure of vulnerabilities | High |
| Data in transit should be encrypted with TLS 1.2 | Medium |
| Hashing / digital signature or message authentication codes in transit to ensure data integrity | Medium |
| Required logging and auditing control by ensuring all logs are captured of Payment Compatibility layer | Medium |
| Required service-to-service authentication and authorization for API call between payment compatibility layer and CBTS applications | Medium |
| High availability design for payment compatibility layer | High |
| Network access and authorization control | High |
| Network access control and role-based access with least privilege principles | High |
| SAST code testing and closure of vulnerabilities | High |
| Input data validation | High |
| Hardening of cloud infrastructure | High |
| Data in transit should be encrypted with TLS 1.2 | Low |
| Hashing / digital signature or message authentication codes in transit to ensure data integrity | Low |
| Required logging and auditing control by ensuring all logs are captured of Cart, Payment Microservice and Payment Configuration service | Medium |
| Required service-to-service authentication and authorization for API call between microservices | Medium |
| High availability design for Cart, Payment Microservice and Payment Configuration service | High |
| Network access and authorization control | High |
| Network access control and role-based access with least privilege principles | Medium |