[BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated PCI DSS Checklists for RHEL 6 and Windows 2012 published 2016-11-17

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Thu Nov 17 05:01:21 PST 2016


Product:
IBM BigFix Compliance PCI Add-on

Title:
Updated the PCI DSS Checklists for RHEL 6 and Windows 2012 for various 
enhancements

Category:
Updated PCI DSS checklist

Published Benchmark:
Payment Card Industry Data Security Standard v3.2

Details:
PCI DSS Requirements and Milestones Reporting in BigFix Compliance Analytics 1.8

To provide reporting based on PCI DSS Requirements and Milestones, BigFix
provides supplemental reports that can be installed in custom sites using
an installer. The installer is available in the PCI DSS Checklists for
Windows 2012 and PCI DSS Checklists for RHEL 6 sites. The supplemental
reports are updated to include cumulative checks for new PCI DSS
sub-requirements.

PCI DSS checklist for Windows 2012 Update

The PCI DSS checklist for Windows 2012 is updated to include the following
additional checks:
- Verify that "Bypass traverse checking" on Windows 2012 DC is set to
  'Administrators, Authenticated Users, LOCAL SERVICE, NETWORK SERVICE'
  (pcidss-7.2.2_18.1)
- Verify that "Change the system time" is set to 'Administrators, LOCAL
  SERVICE' (pcidss-10.4.2.a_3)

The measured values for some of the checks in the PCI DSS checklist for
Windows 2012 are formatted for enhanced readability. These values can be
viewed in the BigFix console, analyses, and BigFix Compliance Analytics
reports. The results now clearly present the desired system configuration
setting, as specified by a check, against the actual setting on the
endpoint.

Some titles and descriptions of the checks in the PCI DSS checklist for
Windows 2012 are updated with the standardized format and extensions.

PCI DSS checklist for RHEL 6 Update

The PCI DSS checklist for RHEL 6 is updated to include the “Verify that
Environment Setup Task is executed for current site” check to help ensure
the correctness of the compliance data in the reports used by the
Compliance Manager.

The following checks in the PCI DSS checklist for RHEL 6 were modified to
replace yum commands with rpm commands to improve performance when
querying the installed software list:
- Verify that "pam_ccreds" package is removed (pcidss-2.2.2.a.14.8)
- Verify that DHCP server is removed (pcidss-2.2.2.a.16.8)
- Verify that "rsyslog" package is installed (pcidss-2.2.2.a.17.8)
- Verify that "Advanced Intrusion Detection Environment" package is
  installed (pcidss-2.2.4.b.12.8)
- Verify that "SETroubleshoot" package is removed (pcidss-2.2.5.a.1.8)
- Verify that "Network Information System" client is removed
  (pcidss-2.2.5.a.10.8)
- Verify that "Network Information System" server is removed
  (pcidss-2.2.5.a.11.8)
- Verify that "Trivial File Transfer Protocol" client is removed
  (pcidss-2.2.5.a.12.8)
- Verify that "Trivial File Transfer Protocol" server is removed
  (pcidss-2.2.5.a.13.8)
- Verify that "talk" package is removed (pcidss-2.2.5.a.14.8)
- Verify that "telnet-server" package is removed (pcidss-2.2.5.a.4.8)
- Verify that "talk-server" package is removed (pcidss-2.2.5.a.5.8)
- Verify that "xinetd" daemon is removed (pcidss-2.2.5.a.6.8)
- Verify that telnet client is removed (pcidss-2.2.5.a.7.8)
- Verify that "rsh-server" package is removed (pcidss-2.2.5.a.8.8)
- Verify that "rsh" package is removed (pcidss-2.2.5.a.9.8)
- Verify that XD/NX support is enabled on 32-bit x86 systems
  (pcidss-2.2.d.6.8)

Published Sites:
PCI DSS Checklist for Windows 2012, version 9
PCI DSS Checklist for RHEL 6, version 6

NOTE: The PCI DSS Checklist for RHEL 6 site supports CentOS 6. If this 
site is not enabled, it is displayed in the License Overview dashboard as 
PCI DSS Checklist for RHEL 6, CentOS 6. Otherwise, it is listed as PCI DSS 
Checklist for RHEL 6, but supports both RHEL 6 and CentOS 6.

*The site version is provided for air-gap customers

Actions to Take:
Complete the following steps:
1. Remove the previous versions of the PCI DSS Requirements and Milestones 
reporting custom sites. 
2. Update the reporting manually or with the import_milestones.sh script.
The update steps can be found in the Requirements and Milestones User’s
Guide at https://ibm.biz/BdsZz7.

More information:
For more information about the IBM BigFix Compliance PCI DSS checklists,
see:
IBM BigFix Compliance PCI Add-on User's Guide in Knowledge Center: 
https://ibm.biz/BdrWCq
IBM BigFix Wiki: https://ibm.biz/BdrBtk 
Release Announcements: 
IBM BigFix Forums: https://ibm.biz/Bdsspw (Official BigFix Release 
Announcements Channel)
IBM BigFix Blog: https://ibm.biz/BdrBt5 (Deprecating)

We hope you find this latest release of PCI DSS content useful and 
effective.

Thank you!

-- The IBM BigFix Compliance PCI Add-on team

