[BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: New PCI DSS Policy reporting capability in BigFix Compliance Analytics V1.9 published 2016-12-13
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Tue Dec 13 08:36:15 PST 2016
Product:
IBM BigFix Compliance PCI Add-on
Title:
New PCI DSS Policy reporting in BigFix Compliance Analytics V1.9
Category:
Updated PCI DSS checklist
Published Benchmark:
Payment Card Industry Data Security Standard v3.2
Details:
BigFix Compliance Analytics V1.9 releases a new policy compliance
reporting capability that allows more effective analysis and
reporting of the different security configuration policies. For the
official announcement of BigFix Compliance Analytics V1.9, see
Compliance Release announcements
(https://forum.bigfix.com/c/release-announcements/compliance).
Based on the new BigFix Compliance Analytics V1.9 policy reporting
capability, BigFix Compliance PCI Add-on now provides the PCI DSS
Reporting site to generate the policy reports representing specific
PCI DSS Requirement or Milestone views. This site contains the
metadata files required for the creation of the PCI DSS policy report
views based on the check results evaluated at each endpoint. The PCI
DSS Reporting site can be easily enabled on the BigFix console.
The improved PCI DSS Requirements and Milestones based reports
provide several benefits:
o The PCI DSS compliance posture reporting is separate from the
Compliance SCM policy compliance reporting, based on other security
benchmarks such as CIS, DISA STIG, and USGCB.
o Easy drill down from the PCI DSS Requirement or Milestone
reporting view to get more details of the compliance results for each
checklist and individual checks.
o Compliance Managers and IT Managers can use the Milestone view
during early PCI DSS adoption to evaluate compliance progress and
prioritize actions.
o Compliance Managers can use the Requirements view to assess
compliance status against specific PCI DSS requirements and prepare
for audit.
o IT Managers can use the compliance data for specific endpoints
when assigning personnel to run remediation actions on non-compliant
checks.
Published Site:
PCI DSS Reporting, version 1
*The site version is provided for air-gap customers.
Actions to Take:
Enable the PCI DSS Reporting site from the License Overview
dashboard. Computer subscription to this site is not required.
Create a custom site for each external PCI DSS site. Subscribe
endpoints to only the custom sites that are applicable.
Configure the API connection from BigFix Compliance Analytics to add
a data source for viewing information about the database on which the
compliance data is based.
Note: More information about these actions are discussed in the “Setting
up the PCI DSS Policy Reports” section of the BigFix Compliance PCI
Add-on User’s Guide at https://ibm.biz/BdsyAm.
More information:
To know more information about the IBM BigFix Compliance PCI DSS
checklists, see:
Latest IBM BigFix Compliance PCI Add-on User's Guide in the BigFix
devWorks wiki: https://ibm.biz/BdsyAm
IBM BigFix Wiki: https://ibm.biz/BdrBtk
Release Announcements:
o IBM BigFix Forums: https://ibm.biz/Bdsspw (Official BigFix
Release Announcements Channel)
o IBM BigFix Blog: https://ibm.biz/BdrBt5 (Deprecating)
We hope you find this latest release of PCI DSS content useful and
effective.
Thank you!
-- The IBM BigFix Compliance PCI Add-on team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20161213/089c269b/attachment.html>
More information about the Besadmin-announcements
mailing list