[BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated PCI DSS Checklist for Windows 2008 published 2016-09-14

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Wed Sep 14 03:44:43 PDT 2016

IBM BigFix Compliance PCI Add-on

Updated PCI DSS Checklist for Windows 2008 with improved data presentation

Updated PCI DSS Checklist

Published Benchmark:
Payment Card Industry Data Security Standard v3.2

The IBM BigFix Compliance PCI Add-on team has updated the content of the 
PCI DSS checklist for Windows 2008 to improve the data presentation. 
Details are as follows:
The measured values for each check, which can be viewed in the BigFix 
console, analyses, and SCA reports are formatted for enhanced readability. 
The results now clearly present the desired system configuration setting, 
as specified by a check, against the actual setting on the endpoint.
Some titles and descriptions of the checks are updated with the 
standardized format and extensions.

The PCI DSS checklist for Windows 2008 also contains the following 
additional checks:
Verify that "User Account Control: Behavior of the elevation prompt for 
administrators in Admin Approval Mode" on Windows 2008 R2 is set to 
'prompt for credentials on the secure desktop' (pcidss-7.2.2_43.3)
Verify that "Bypass traverse checking" on Windows 2008 is set to 
'Authenticated Users, Network Service, Local Service, Administrators, 
Backup Operators' (pcidss-7.2.2_6.3)
Verify that "Change the system time" is set to 'Administrators, Local 
Service' (pcidss-10.4.2.a_3)

Published Site:
PCI DSS Checklist for Windows 2008, version 9
*The site version is provided for air-gap customers.

Actions to Take:
If you use custom sites, update your custom sites accordingly to use the 
latest content. You can synchronize your content by using the Synchronize 
Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
If you have not subscribed to the site above, you can use the License 
Overview dashboard to enable and gather the sites. Note that you must be 
entitled to the new content and you are using IBM BigFix version 9.2 and 
If you were involved in the Beta / Early Access Program for IBM BigFix 
Compliance PCI Add-on, unsubscribe from the beta sites to avoid any 
conflicting issues with the production sites. If you do not unsubscribe 
from the beta sites, the content in the production sites will fail.

More information:
To know more information about the IBM BigFix Compliance PCI DSS 
checklists, see:

IBM BigFix Compliance PCI Add-on User's Guide in the BigFix developerWorks 
wiki: https://ibm.biz/BdrBtk
SCM Checklist Deployment: https://ibm.biz/BdrBtU
IBM Blog for Checklist Release Announcement: https://ibm.biz/BdrBt5
BigFix forums: https://forum.bigfix.com/

We hope you find this latest release of PCI DSS content useful and 
effective. Thank you!

 -- The IBM BigFix Compliance PCI Add-on team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20160914/af104811/attachment.html>

More information about the Besadmin-announcements mailing list