[BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated PCI DSS Checklists for various Windows operating systems published 2017-04-20

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Thu Apr 20 03:42:41 PDT 2017


Product:
IBM BigFix Compliance PCI Add-on
Title:
Updated PCI DSS Checklists for Windows 2012, Windows 2008, Windows 10, 
Windows 7, Windows Embedded POSReady 7, and Windows Embedded Standard 7 
sites to resolve issues with some checks
Category:
Updated PCI DSS checklist
Published Benchmark:
Payment Card Industry Data Security Standard v3.2
Details:
The IBM BigFix Compliance PCI Add-on team has updated the following 
Windows checklists:
PCI DSS Checklist for Windows 2012
The check Verify that "Prevent users from sharing files within their 
profile" is set to Enabled (pcidss-7.2.2.52) is updated to resolve the 
relevance false positive for APAR IV95039. 
The check Verify that "Trend Micro Common Firewall" is Enabled 
(pcidss-1.4.b.22) is updated to resolve an issue with reading incorrect 
registry keys.
The check Verify that "Interactive logon: Number of previous logons to 
cache (in case domain controller is not available)" is set to '4 or fewer 
logon(s)' (pcidss-3.1.a) is updated to reflect the correct relevance.
The check Verify that "Local Policy: Enable computer and user accounts to 
be trusted for delegation" is not set to any user (pcidss-7.2.3.1) is 
updated to reflect the correct relevance.
The check Verify that "MS Antivirus Software" service is active and 
running (pcidss-5.3.a_2) is updated to fix the remediation action to start 
the MpsSvc service.
PCI DSS Checklist for Windows 2008 
The check Verify that "Prevent users from sharing files within their 
profile" is set to Enabled (pcidss-7.2.2.52) is updated to resolve the 
relevance false positive for APAR IV95039. 
The check Verify that "Trend Micro Common Firewall" is Enabled 
(pcidss-1.4.b.22) is updated to resolve an issue with reading incorrect 
registry keys.
The check Verify that "Interactive logon: Number of previous logons to 
cache (in case domain controller is not available)" is set to '4 or fewer 
logon(s)' (pcidss-3.1.a) is updated to reflect the correct relevance.
The check Verify that "MS Antivirus Software" service is active and 
running (pcidss-5.3.a_2) is updated to fix the remediation action to start 
the MpsSvc service.
PCI DSS Checklist for Windows 10
The check Verify that "Prevent users from sharing files within their 
profile" is set to Enabled (pcidss-7.2.2.52) is updated to resolve the 
relevance false positive for APAR IV95039. 
The following checks are updated to include appropriate applicability 
relevance: 
o       Verify that "Outbound connections" for the domain profile is set 
to 'Allow (default)' (pcidss-1.4.b_7.10)
o       Verify that "Outbound connections" for the public profile is set 
to 'Allow (default)' (pcidss-1.4.b.24.1)
PCI DSS Checklist for Windows 7, PCI DSS Checklist for Windows POSReady 7, 
and PCI DSS Checklist for Windows Embedded Standard 7
The check Verify that "Prevent users from sharing files within their 
profile" is set to Enabled (pcidss-7.2.2.52) is updated to resolve the 
relevance false positive for APAR IV95039. 
The checks Verify that "Trend Micro Common Firewall" is Enabled 
(pcidss-1.4.b.22) and Verify that Generic Firewall is set to Enabled 
(pcidss-1.4.b_23) are updated to resolve an issue with reading incorrect 
registry keys.
The check Verify that "Interactive logon: Number of previous logons to 
cache (in case domain controller is not available)" is set to '4 or fewer 
logon(s)' (pcidss-3.1.a) is updated to reflect the correct relevance.
The check Verify that "MS Antivirus Software" service is active and 
running (pcidss-5.3.a_2) is updated to fix the remediation action to start 
the MpsSvc service.
Published Sites:
PCI DSS Checklist for Windows 2012 site, version 11
PCI DSS Checklist for Windows 2008 site, version 11
PCI DSS Checklist for Windows 10 site, version 4
PCI DSS Checklist for Windows 7 site, version 8
PCI DSS Checklist for Windows Embedded POSReady 7 site, version 7 
PCI DSS Checklist for Windows Embedded Standard 7 site, version 5
*The site version is provided for air-gap customers
Actions to Take:
If you use custom sites, update your custom sites accordingly to use the 
latest content. You can synchronize your content by using the Synchronize 
Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
More information:
For more information about the IBM BigFix Compliance PCI DSS 
checklists, see:
IBM BigFix Compliance PCI Add-on User's Guide in Knowledge Center: 
https://ibm.biz/BdrWCq
IBM BigFix Wiki: https://ibm.biz/BdrBtk
Release Announcements in the IBM BigFix Forum: https://ibm.biz/Bdsspw 
We hope you find this latest release of PCI DSS content useful and 
effective.
Thank you!
-- The IBM BigFix Compliance PCI Add-on team
