<font size=2 face="sans-serif">IBM BigFix Compliance PCI Add-on<br>Security Configuration Management (SCM)</font><br><p><font size=2 face="sans-serif">The IBM BigFix Compliance team has updated
the content for the Payment Card Industry Data Security Standard (PCI DSS)
checklist for Windows 2008. See details below.</font><p><p><font size=2 face="sans-serif"><b>Updated Site:</b><br>PCI DSS Checklist for Windows 2008, version 6<br></font><p><font size=2 face="sans-serif"><i>*The site version is provided for
air-gap customers.</i></font><p><p><font size=2 face="sans-serif"><b>Changelist:</b></font><p><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">The
checks <i>“Verify that Administrator account on the system is set to Disabled”</i>(pcidss-2.1.b.3) and <i>“Verify that Guest account on the system is set
to Disabled”</i> (pcidss-2.1.b.4) are updated to resolve APAR IV85006
- Long Evaluation Cycle Time.</font><p><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">The
check named <i>“Verify that "Interactive Logon: Do not require CTRL+ALT+DEL"
is set to Disabled”</i> (pcidss-8.2_0.5) is updated due to the incorrect
desired value.</font><p><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">The
check named <i>“Verify that "Audit Policy: DS Access: Directory Service
Changes" for Enterprise Domain Controller is set to Success”</i>(pcidss-10.2.2_6.1) is removed because Domain Controller is not supported.</font><p><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">The
source ID for the following checks are renumbered:</font><p><font size=2 face="Courier New">o </font><font size=2 face="sans-serif"><i>Verify
that "Local Policy: Debug programs" is set to Administrators</i><br>Source ID pcidss-7.2.3_5 is updated to pcidss-7.2.2_59.</font><p><font size=2 face="Courier New">o </font><font size=2 face="sans-serif"><i>Verify
that "Local Policy: Deny log on locally" is set to Guests<br></i>Source ID pcidss-7.2.3_6 is updated to pcidss-7.2.2_60. </font><p><font size=2 face="sans-serif"><b>Actions to Take:</b></font><p><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">If
you use custom sites, update your custom sites accordingly to use the latest
content. You can synchronize your content by using the Synchronize Custom
Checks wizard. For more information, see </font><a href=https://ibm.biz/Bd4LBt><font size=2 color=#0082bf face="sans-serif"><u>https://ibm.biz/Bd4LBt</u></font></a><font size=2 face="sans-serif">.</font><br><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">If
you have not subscribed to the site above, you can use the License Overview
dashboard to enable and gather the sites. Note that you must be entitled
to the new content and you are using IBM BigFix version 9.0 and later.</font><br><font size=2 face="Symbol">· </font><font size=2 face="sans-serif">If
you were involved in the Early Access Program for IBM BigFix Compliance
PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues
with the production sites. If you do not unsubscribe from the beta sites,
the content in the production sites will fail.</font><br><br><font size=2 face="sans-serif"><b>Documentation Resources:</b><br>To know more about IBM BigFix Compliance PCI Add-on, see the </font><a href=https://ibm.biz/Bd4Vic><font size=2 color=#0082bf face="sans-serif"><u>IBM
BigFix Compliance PCI Add-on User's Guide</u></font></a><font size=2 face="sans-serif">.
</font><br><br><font size=2 face="sans-serif">We hope you find this latest release
of SCM content useful and effective. Thank you!</font><p><p><font size=2 face="sans-serif"><i> -- The IBM BigFix Compliance
team</i><br></font><BR>