[BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated Content: PCI DSS Checklists for MS IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 published 2016-07-13

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Wed Jul 13 06:23:03 PDT 2016


Product:
IBM BigFix Compliance PCI Add-on



Title:

Updated Security Configuration Management (SCM) PCI DSS Checklists for MS
IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 to
comply with PCI DSS v3.2



Category:

Updated SCM checklist



Published Benchmark:

Payment Card Industry Data Security Standard v3.2



Details:

The IBM BigFix Compliance PCI Add-on team has updated the content for the
Payment Card Industry Data Security Standard (PCI DSS) checklists for MS
IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 to
comply with PCI DSS v3.2, as well as to include other enhancements.
Details are as follows.


 For MS IIS 7:


   ·	PCI DSS Requirements and Security Assessment Procedures v3.2 is
      supported in the identified checklists.


   ·	Existing checks are updated to contain PCI DSS v3.2 as the security
      standard source in the description.


   ·	The check named “Use only Strong Encryption Protocols - IIS7”
      (pcidss-4.1.e.7) is updated to disable SSL 3.0, TLS 1.0, and TLS 1.1,
      and to enable TLS 1.2 as a mandatory requirement.


   ·	The checks named “Set Deployment Method to Retail - IIS7”
      (pcidss-6.3.b.1) and “Ensure 'passwordFormat' Credentials Element not
      set to Clear - IIS7” (pcidss-8.2.1.a.7) are updated to correct the
      manual remediation steps in the description.
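
An added example, not part of the announcement or of the BigFix checklist content: a read-only PowerShell audit of the protocol state that check pcidss-4.1.e.7 requires. It assumes the settings live in the standard Windows SChannel registry keys (the announcement does not say how the check itself is implemented) and PowerShell 3.0 or later.

```powershell
# Added example: audit server-side SChannel protocol settings used by IIS.
# Assumption: the standard SChannel registry layout; read-only, changes nothing.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state from the announcement: SSL 3.0, TLS 1.0, TLS 1.1 off; TLS 1.2 on.
$required = [ordered]@{
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}

function Get-SchannelServerState {
    param([string]$Protocol)
    $key = Join-Path $base "$Protocol\Server"
    # An absent key means the OS default applies, which differs by Windows version.
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $props = Get-ItemProperty -LiteralPath $key
    [pscustomobject]@{
        Enabled           = $props.Enabled            # 0 = off, non-zero = on
        DisabledByDefault = $props.DisabledByDefault  # 1 = off unless requested
    }
}

$results = foreach ($proto in $required.Keys) {
    $state  = Get-SchannelServerState -Protocol $proto
    $status = if ($null -eq $state -or $null -eq $state.Enabled) {
        # Not explicitly configured: cannot be shown compliant from the registry.
        'NOT SET'
    } elseif ($required[$proto]) {
        if ($state.Enabled -ne 0 -and $state.DisabledByDefault -ne 1) { 'PASS' } else { 'FAIL' }
    } else {
        if ($state.Enabled -eq 0) { 'PASS' } else { 'FAIL' }
    }
    [pscustomobject]@{
        Protocol    = $proto
        WantEnabled = $required[$proto]
        Enabled     = if ($state) { $state.Enabled } else { $null }
        Status      = $status
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code when any protocol is not provably in the required state.
if (@($results | Where-Object { $_.Status -ne 'PASS' }).Count -gt 0) { exit 1 }
```

A `NOT SET` result is reported as non-compliant on purpose: with no explicit value the effective behaviour depends on the Windows version and patch level, so the registry alone does not prove the required state.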


For MS SQL 2008 and MS SQL 2012:


   ·	PCI DSS Requirements and Security Assessment Procedures v3.2 is
      supported in the identified checklists.


   ·	Existing checks are updated to contain PCI DSS v3.2 as the security
      standard source in the description.


   ·	The measured values for “Verify that "Account Lockout Duration" is
      set to '30 minutes or more'” (pcidss-8.1.7), which can be viewed in
      the BigFix console, analyses, and SCA reports, are formatted for
      enhanced readability. The results now clearly present the desired
      system configuration setting, as specified by a check, against the
      actual setting on the endpoint.


   ·	Some titles and descriptions are updated with the standardized format
      and extensions.


   ·	Several checks are updated to improve the presentation of system
      exceptions and parameter handling.


For Windows Embedded POSReady 2009:


   ·	PCI DSS Requirements and Security Assessment Procedures v3.2 is
      supported in the identified checklists.


   ·	Existing checks are updated to contain PCI DSS v3.2 as the security
      standard source in the description.


   ·	Some titles and descriptions are updated with the standardized format
      and extensions.



Published Site:
PCI DSS Checklist for MS IIS, version 6
PCI DSS Checklist for MS SQL 2008, version 7
PCI DSS Checklist for MS SQL 2012, version 8
PCI DSS Checklist for Windows Embedded POSReady 2009, version 4

*The site version is provided for air-gap customers.



Actions to Take:

·	If you use custom sites, update your custom sites accordingly to use
the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see
https://ibm.biz/Bd4LBt.
·	If you have not subscribed to the sites above, you can use the License
Overview dashboard to enable and gather the sites. Note that you must be
entitled to the new content and must be using IBM BigFix version 9.0 or
later.
·	If you were involved in the Early Access Program for IBM BigFix
Compliance PCI Add-on, unsubscribe from the beta sites to avoid any
conflicting issues with the production sites. If you do not unsubscribe
from the beta sites, the content in the production sites will fail.



More information:
To view the announcement on the PCI DSS v3.2 support for Windows 2008,
Windows 2012, Windows 7, Windows Embedded POSReady 7, and Windows Embedded
Standard 7, click here: https://ibm.biz/BdrFiu.

Please note that PCI DSS v3.2 support for the existing PCI checklists for
other supported platforms will be available soon. Stay tuned for future
announcements.

For more information about the IBM BigFix Compliance SCM checklists,
see:

IBM BigFix Compliance PCI Add-on User's Guide in the BigFix developerWorks
wiki: https://ibm.biz/BdrBtk

IBM developerWorks: https://ibm.biz/BdFiGQ

SCM Checklist Deployment: https://ibm.biz/BdrBtU

IBM Blog for Checklist Release Announcement: https://ibm.biz/BdrBt5

BigFix forums: https://forum.bigfix.com/



We hope you find this latest release of SCM content useful and effective.
Thank you!



 -- The IBM BigFix Compliance PCI Add-on team