The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards governed by the Payment Card Industry Security Standards Council (PCI SSC). The PCI DSS compliance scheme aims to secure credit and debit card transactions against data theft and fraud. Google Cloud undergoes an annual third-party audit to certify individual products against PCI DSS, and customers can build on these attestations when measuring their own application's compliance. You can monitor workload compliance with the PCI DSS Policy Bundle for both new and existing applications.

The PCI DSS Policy Bundle

Policy Controller lets you apply individual constraints to your cluster or write your own custom policies. Alternatively, you can use policy bundles without writing any constraints yourself. Policy bundles are sets of constraints that help you apply best practices, meet industry standards, or address regulatory requirements across your cluster resources, and you can apply them to existing clusters to check whether your workloads are compliant. With Google Cloud's addition of the PCI DSS v3.2.1 Policy Bundle to Anthos Config Management (ACM), security administrators can assess compliance with PCI DSS requirements using the Policy Controller Dashboard. Each constraint in the PCI DSS bundle lists the PCI DSS control number it maps to, so constraint results can be traced back to PCI requirements and used in compliance reporting as needed.

Getting started with the PCI DSS v3.2.1 Policy Bundle

As prerequisites, you need one or more Anthos clusters running Policy Controller v1.14.0 or later. The constraints in the bundle are configured in audit mode by default, so violations are reported but not enforced, and your existing and new workloads are not blocked.

Step 1. Install and initialize the Google Cloud CLI.

Step 2. Install Policy Controller.

Step 3. Save the YAML manifest to a file named policycontroller-config.yaml. The manifest configures Policy Controller to watch (sync) the specific kinds of objects that the bundle's constraints need to inspect.

The YAML manifest is given below.

If a Config object already exists in the gatekeeper-system namespace, merge these settings into it rather than replacing it, so that all of your previous customizations are preserved.

Step 4. Apply the policycontroller-config.yaml manifest given below.

Step 5. Preview the policy constraints with the following.

Step 6. Apply the policy constraints using:

Step 7. Verify that the policy constraints have been installed and check whether any violations exist across the cluster using the following.
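The whole procedure in one script, as an added example that is not part of the original post or of Google's bundle documentation: it renders the Policy Controller Config from Step 3, fetches and applies the bundle with kpt (Steps 4 to 6), then sums the totalViolations reported on each bundle constraint (Step 7) and exits non-zero when any remain, so it can gate a pipeline. The bundle package path, the kpt commands, the bundleName label key and the list of synced kinds are assumptions made by the author of this example and should be checked against the bundle's own README; the constraint names in the inline sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original post or from Google's bundle docs.
# Applies the PCI DSS v3.2.1 Policy Controller bundle and summarises audit violations.
# ASSUMPTIONS (verify against the bundle README before use): bundle package path,
# kpt commands, bundleName label key, and the list of synced kinds.
set -eu

BUNDLE="pci-dss-v3.2.1"
# Assumed package location of the bundle.
BUNDLE_PKG="https://github.com/GoogleCloudPlatform/gke-policy-library.git/anthos-bundles/${BUNDLE}"
# Assumed label that Policy Controller puts on every constraint shipped in a bundle.
BUNDLE_LABEL="policycontroller.gke.io/bundleName=${BUNDLE}"

# Step 3: Config for Policy Controller. syncOnly lists the kinds the audit
# controller caches so that referential constraints (for example "every Namespace
# has a NetworkPolicy") can look them up. The kinds listed here are illustrative.
render_config_manifest() {
  cat <<'EOF'
apiVersion: config.gatekeeper.sh/v1alpha1
kind: Config
metadata:
  name: config
  namespace: gatekeeper-system
spec:
  sync:
    syncOnly:
      - group: ""
        version: "v1"
        kind: "Namespace"
      - group: ""
        version: "v1"
        kind: "Pod"
      - group: ""
        version: "v1"
        kind: "Service"
      - group: "networking.k8s.io"
        version: "v1"
        kind: "NetworkPolicy"
      - group: "networking.k8s.io"
        version: "v1"
        kind: "Ingress"
EOF
}

# Steps 3-6: write the Config, fetch the bundle, preview it, then apply it.
apply_bundle() {
  render_config_manifest > policycontroller-config.yaml
  kubectl apply -f policycontroller-config.yaml
  [ -d "$BUNDLE" ] || kpt pkg get "$BUNDLE_PKG"
  [ -f "$BUNDLE/resourcegroup.yaml" ] || kpt live init "$BUNDLE"
  kpt live apply "$BUNDLE" --dry-run   # preview: nothing is created
  kpt live apply "$BUNDLE"
}

# Reads "name<TAB>totalViolations" lines on stdin and prints the total.
# An empty totalViolations (status not yet written by the audit loop) counts as 0.
count_violations() {
  awk -F '\t' '{ total += $2 } END { print total + 0 }'
}

# Same input; prints only the constraints that currently have violations.
list_violating() {
  awk -F '\t' '$2 > 0 { printf "%s: %d violation(s)\n", $1, $2 }'
}

# Step 7: query the cluster. "constraints" is the Gatekeeper CRD category, so this
# matches every constraint kind; the label narrows the result to the PCI bundle.
fetch_bundle_status() {
  kubectl get constraints -l "$BUNDLE_LABEL" \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.totalViolations}{"\n"}{end}'
}

# Exit non-zero when any bundle constraint reports violations, so this can gate CI.
check_cluster() {
  status=$(fetch_bundle_status)
  total=$(printf '%s\n' "$status" | count_violations)
  printf '%s\n' "$status" | list_violating
  echo "total PCI DSS audit violations: $total"
  [ "$total" -eq 0 ]
}

# Usage: sh pci-bundle.sh apply | check   (no argument: only defines the functions)
case "${1:-}" in
  apply) apply_bundle ;;
  check) check_cluster ;;
esac
```

Run it once with `apply` after the gcloud CLI and Policy Controller are installed, then schedule `check` in CI or a cron job; because the bundle is in audit mode, the non-zero exit from `check_cluster` is the only place a violation stops anything, which is exactly the behaviour you want while you triage findings before switching constraints to enforcement.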

Policy Controller Dashboard

If a violation exists, the constraint's message includes the steps needed to fix it, and these can be viewed from both the CLI and the Policy Controller dashboard. The Policy Controller dashboard provides a UI that includes policy usage metrics and the ability to set up log-based alerts.

Monitor Workload Compliance with the PCI DSS Policy Bundle

Policy Controller exports metrics related to policy usage, such as the number of constraints, the number of constraint templates, and the number of audit violations detected, and you can set up alerts based on these metrics.


Monitor workload compliance with the PCI DSS Policy Bundle for your existing and new applications. Policy bundles let you do this without writing a single line of policy code, and you can view the status of policy bundle coverage and cluster compliance in the Policy Controller dashboard.

