[BESAdmin-Announcements] BigFix Compliance PCI Add-on: New PCI DSS Checklist for MS IIS 10 (PCI v4.0) published 2023-09-28

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Tue Oct 10 08:24:17 PDT 2023


*Product:*
BigFix Compliance PCI Add-on

*Title:*
PCI DSS Checklist for MS IIS 10 (PCI v4.0)

*Category:*
PCI DSS Checklist

*Security Benchmark:*
Payment Card Industry Data Security Standard v4.0

*Published Sites:*
PCI DSS Checklist for MS IIS 10 (PCI v4.0), site version 1.
PCI DSS Reporting, version 22.
(The site version is provided for air-gap customers.)

*Details:*

   - The BigFix Compliance PCI Add-on team is pleased to announce the
   availability of the new checklist for BigFix Compliance PCI Add-on: PCI DSS
   Checklist for MS IIS 10 (PCI v4.0).
   - This new checklist is based on the guidance provided by the Payment
   Card Industry Data Security Standard (PCI DSS) v4.0 and contains security
   configuration checks that evaluate the security settings of your MS IIS 10
   endpoints according to the PCI DSS standard.
   - As with most of the existing PCI DSS contents in the BigFix Compliance
   PCI Add-on library, this checklist includes checks with:
      - Corresponding analyses properties to report actual values.
      - Standardized titles, descriptions, and measured values for enhanced
      readability and consistency.
      - The ability to ensure correctness of compliance data.
      - Some of the checks allow you to use the parameterized setting to
      enable customization for compliance evaluation.
      - Most of the checks also support remediation that allows BigFix
      operators to efficiently remediate a non-compliance issue with a single
      action.
      - List of checks whose rules are not automatically assessed:
         1. ID: 1005 Title: Ensure PCI DSS Requirement 3 requirements are
         being operated (Rule not automatically assessed).
         2. ID: 1002 Title: Ensure PCI DSS Requirement 5 requirements are
         being operated (Rule not automatically assessed).
         3. ID: 1001 Title: Ensure PCI DSS Requirement 9 requirements are
         being operated (Rule not automatically assessed)
         4. ID: 1003 Title: Ensure PCI DSS Requirement 11 requirements are
         being operated (Rule not automatically assessed).
         5. ID: 1004 Title: Ensure PCI DSS Requirement 12 requirements are
         being operated (Rule not automatically assessed).
      - The following PCI DSS Policies are refreshed with the latest
   content from the PCI DSS Checklist for MS IIS 10 (PCI v4.0) site:
      - PCI DSS Checklists
      - PCI DSS Milestones View
      - PCI DSS Requirements View

*Actions to take:*

   - Use the License Overview dashboard from the BES Support site to enable
   and gather the said site. Note that you must be entitled to the new
   content, and you are using BigFix version 9.5 and later.
   - Create a custom site for the PCI DSS Checklist for MS IIS 10 (PCI
   v4.0) site to display the MS IIS 10 results in the PCI DSS Policy Reports.
   - If you were involved in the Beta / Early Access Program for BigFix
   Compliance PCI Add-on, unsubscribe from the beta sites to avoid any
   conflicting issues with the production sites. If you do not unsubscribe
   from the beta sites, the content in the production sites will fail.

*More information:*
To know more about the BigFix Compliance PCI DSS checklists, please see the
following resources:

   - BigFix Forum:
   https://forum.bigfix.com/c/release-announcements/pci-add-on
   - BigFix Compliance SCM Checklists:

   https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
   - BigFix PCI Add-on User’s Guide:
   https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/pci.html

We hope you find this latest release of SCM content useful and effective.
Thank you!

*– The BigFix Compliance PCI Add-on team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20231010/31392d7e/attachment.html>


More information about the Besadmin-announcements mailing list