[BESAdmin-Announcements] SCM Content UPDATE: PCI DSS Checklist for Windows 2008, Windows 2012, and Windows 7

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Fri Jun 10 05:39:19 PDT 2016


IBM BigFix Compliance PCI Add-on
Security Configuration Management (SCM)

The IBM BigFix Compliance team has updated the content for the Payment 
Card Industry Data Security Standard (PCI DSS) checklist for Windows 2008, 
Windows 2012, and Windows 7. See details below.

Updated Sites:
PCI DSS Checklist for Windows 7, version 5
PCI DSS Checklist for Windows 2012, version 7
PCI DSS Checklist for Windows 2008, version 7
*The site version is provided for air-gap customers.

Changelist:
For Windows 7:
The following checks are updated to resolve APAR IV85006 - Long Evaluation 
Cycle Time: 
“Verify that Administrator account is renamed on the system” 
(pcidss-2.1.b_1)
“Verify that Guest account is renamed on the system” (pcidss-2.1.b_2)
“Verify that Administrator account on the system is set to Disabled” 
(pcidss-2.1.b_3) 
“Verify that Guest account on the system is set to Disabled” 
(pcidss-2.1.b_4)
The check named “Verify that "Interactive Logon: Do not require 
CTRL+ALT+DEL" is set to Disabled” (pcidss-8.2_0.5) is updated because its 
desired value was incorrect.
The source IDs for the following checks are renumbered:
“Verify that "Local Policy: Debug programs" is set to Administrators” 
Source ID pcidss-7.2.3_5 is updated to pcidss-7.2.2_59.
“Verify that "Local Policy: Deny log on locally" is set to Guests” 
Source ID pcidss-7.2.3_6 is updated to pcidss-7.2.2_60.
For Windows 2012:
The following checks are updated to resolve APAR IV85006 - Long Evaluation 
Cycle Time: 
“Verify that Administrator account is renamed on the system” 
(pcidss-2.1.b_1)
“Verify that Guest account is renamed on the system” (pcidss-2.1.b_2)
“Verify that Administrator account on the system is set to Disabled” 
(pcidss-2.1.b_3) 
“Verify that Guest account on the system is set to Disabled” 
(pcidss-2.1.b_4)
The check named “Verify that "Audit Policy: DS Access: Directory Service 
Changes" for Enterprise Domain Controller is set to Success” 
(pcidss-10.2.2_6.1) is removed because Domain Controller is not supported.
The relevance of "Verify that remote-login command should be restricted 
through non console access for IIS HTTP Server" (pcidss-2.3.b.3) is 
updated with the proper version of IIS.
For Windows 2008:
The following checks are updated to resolve APAR IV85006 - Long Evaluation 
Cycle Time: 
“Verify that Administrator account is renamed on the system” 
(pcidss-2.1.b_1)
“Verify that Guest account is renamed on the system” (pcidss-2.1.b_2)

Actions to Take:
If you use custom sites, update your custom sites accordingly to use the 
latest content. You can synchronize your content by using the Synchronize 
Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
If you have not subscribed to the sites above, you can use the License 
Overview dashboard to enable and gather the sites. Note that you must be 
entitled to the new content and must be using IBM BigFix version 9.0 or 
later.
If you were involved in the Early Access Program for IBM BigFix Compliance 
PCI Add-on, unsubscribe from the beta sites to avoid any conflicting 
issues with the production sites. If you do not unsubscribe from the beta 
sites, the content in the production sites will fail.

Documentation Resources:
To learn more about the IBM BigFix Compliance PCI Add-on, see the IBM BigFix 
Compliance PCI Add-on User's Guide. 

We hope you find this latest release of SCM content useful and effective. 
Thank you!

 -- The IBM BigFix Compliance team
