[BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: New Support for CentOS 7 published 2016-12-14

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Wed Dec 14 03:28:57 PST 2016


Product:
IBM BigFix Compliance PCI Add-on

Title:
PCI DSS Checklist for RHEL 7 site updated to support both RHEL 7 and CentOS 7

Category:
Updated PCI DSS checklist

Published Benchmark:
Payment Card Industry Data Security Standard v3.2

Details:
      CentOS 7 is now supported in the PCI DSS Checklist for RHEL 7 site.
      This additional support is based on the guidance provided by the
      Payment Card Industry Data Security Standard (PCI DSS) v3.2 and on
      existing checks that are included in the PCI DSS Checklist for RHEL 7
      site.
      The available checks evaluate the security settings of your CentOS 7
      endpoints according to the PCI DSS standard.
      Some of the checks allow you to use parameterized settings to
      customize compliance evaluation, and remediation actions to resolve
      a non-compliance issue with a single action. Note that
      parameterization requires the creation of a custom site.
      Several other updates are made to the PCI DSS Checklist for RHEL 7
      site to improve accuracy and performance:
         A new check “Verify that Environment Setup Task is executed for
         current site” is added to help ensure the correctness of the
         compliance data in the reports used by the Compliance Manager.
         The Applicability Fixlet called “Applicability Fixlet - PCI-DSS -
         RHEL 7” is updated to limit the scope to RHEL 7 systems only.
         A new Applicability Fixlet called “Applicability Fixlet for RHEL
         7, CentOS 7” is added for both RHEL 7 and CentOS 7 systems. This
         Fixlet excludes the “Verify that "rhnsd" daemon is disabled” check
         (pcidss-2.2.d_13.9), which is not applicable to CentOS 7 systems.
         The following checks were modified to replace yum commands with
         rpm commands to improve performance when querying the installed
         software list:
            Verify that "pam_ccreds" package is removed
            (pcidss-2.2.2.a_14.6)
            Verify that "DHCP" server is removed (pcidss-2.2.2.a_16.6)
            Verify that "rsyslog" package is installed
            (pcidss-2.2.2.a_17.6)
            Verify that "cronie-anacron" package is removed
            (pcidss-2.2.2.a_21.6)
            Verify that "FTP" server is removed (pcidss-2.2.2.a_8.6)
            Verify that "X Windows system" is removed (pcidss-2.2.2.a_9.6)
            Verify that "Network Information System" client is removed
            (pcidss-2.2.5.a_10.6)
            Verify that "Network Information System" server is removed
            (pcidss-2.2.5.a_11.6)
            Verify that "Trivial File Transfer Protocol" client is removed
            (pcidss-2.2.5.a_12.6)
            Verify that "Trivial File Transfer Protocol" server is removed
            (pcidss-2.2.5.a_13.6)
            Verify that "talk" package is removed (pcidss-2.2.5.a_14.6)
            Verify that "SETroubleshoot" package is removed
            (pcidss-2.2.5.a_1.6)
            Verify that "telnet-server" package is removed
            (pcidss-2.2.5.a_4.6)
            Verify that "talk-server" package is removed
            (pcidss-2.2.5.a_5.6)
            Verify that "xinetd" daemon is removed (pcidss-2.2.5.a_6.6)
            Verify that "telnet client" is removed (pcidss-2.2.5.a_7.6)
            Verify that "rsh-server" package is removed
            (pcidss-2.2.5.a_8.6)
            Verify that "rsh" package is removed (pcidss-2.2.5.a_9.6)
            Verify that "aide" is installed on the system
            (pcidss-2.2.4.b_12.6)
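
The kind of package-presence test these checks perform can be reproduced by hand with rpm, which reads the local RPM database directly. The script below is an added example, not BigFix check content or code from the PCI Add-on team; the helper names, the PKG_QUERY override and the pairing of each check ID with an expected state are assumptions made for illustration, using package names and IDs from the list above.

```shell
#!/bin/sh
# Added example: evaluate "package installed/removed" checks with rpm.
# Not the BigFix relevance or action script; helper names are hypothetical.

# Query command is overridable so the logic can be exercised without rpm.
: "${PKG_QUERY:=rpm -q}"

# is_installed PKG: succeeds if PKG is present in the local RPM database.
is_installed() {
    $PKG_QUERY "$1" >/dev/null 2>&1
}

# eval_check ID PKG EXPECT: prints one result line, returns 0 on PASS.
eval_check() {
    if is_installed "$2"; then state=installed; else state=removed; fi
    if [ "$state" = "$3" ]; then
        echo "$1 $2 PASS"
        return 0
    fi
    echo "$1 $2 FAIL (expected $3, found $state)"
    return 1
}

# run_checks: reads "ID PKG EXPECT" lines on stdin, returns the failure count.
run_checks() {
    failures=0
    while read -r id pkg expect; do
        [ -z "$id" ] && continue
        eval_check "$id" "$pkg" "$expect" || failures=$((failures + 1))
    done
    return "$failures"
}

# Subset of the checks listed above; expected states follow the check titles.
CHECKS='pcidss-2.2.2.a_17.6 rsyslog installed
pcidss-2.2.4.b_12.6 aide installed
pcidss-2.2.5.a_4.6 telnet-server removed
pcidss-2.2.5.a_8.6 rsh-server removed
pcidss-2.2.2.a_21.6 cronie-anacron removed'

# Run against the local system only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    printf '%s\n' "$CHECKS" | run_checks
    echo "failed checks: $?"
fi
```

rpm -q matches exact package names only, so a check written this way must name every package that can provide the service.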

Published Site:
PCI DSS Checklist for RHEL 7, version 6

NOTE: If this site is not enabled, it is displayed in the License Overview
dashboard as PCI DSS Checklist for RHEL 7, CentOS 7. Otherwise, it is
listed as PCI DSS Checklist for RHEL 7, but supports both RHEL 7 and CentOS
7.

*The site version is provided for air-gap customers.

Actions to Take:
      If you have already enabled the updated site, gather the site changes
      and extend the site’s computer subscription to CentOS systems.
      If you have not enabled the updated site, enable it from the License
      Overview dashboard. Note that it is listed as PCI DSS Checklist for
      RHEL 7, CentOS 7 in the dashboard.

More information:
For more information about the IBM BigFix Compliance PCI DSS
checklists, see:
      IBM BigFix Compliance PCI Add-on User's Guide in Knowledge Center:
      https://ibm.biz/BdrWCq
      IBM BigFix Wiki: https://ibm.biz/BdrBtk
      Release Announcements:
         IBM BigFix Forums: https://ibm.biz/Bdsspw (Official BigFix Release
         Announcements Channel)
         IBM BigFix Blog: https://ibm.biz/BdrBt5 (Deprecating)

We hope you find this latest release of PCI DSS content useful and
effective.

Thank you!
-- The IBM BigFix Compliance PCI Add-on team