<html><body><p><b><font size="2">Product:</font></b><p><font size="2">IBM BigFix Compliance PCI Add-on</font><p><p><b><font size="2">Title:</font></b><p><font size="2">Updated Security Configuration Management (SCM) PCI DSS Checklists for MS IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 to comply with PCI DSS v3.2</font><p><p><b><font size="2">Category:</font></b><p><font size="2">Updated SCM checklist</font><p><p><b><font size="2">Published Benchmark:</font></b><p><font size="2">Payment Card Industry Data Security Standard v3.2</font><p><p><b><font size="2">Details:</font></b><p><font size="2">The IBM BigFix Compliance PCI Add-on team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) checklists for MS IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 to comply with PCI DSS v 3.2, as well as to include other enhancements. Details are as follows.</font><p><i><font size="2"> </font></i><font size="2">For MS IIS 7:</font><ul><br><font size="2" face="Symbol">· </font><font size="2">PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified checklists.</font><p><font size="2" face="Symbol">· </font><font size="2">Existing checks are updated to contain PCI DSS v3.2 as the security standard source in the description.</font><p><font size="2" face="Symbol">· </font><font size="2">The check named </font><i><font size="2">“Use only Strong Encryption Protocols - IIS7”</font></i><font size="2"> (pcidss-4.1.e.7) is updated to disable SSL 3.0, TLS 1.0, and TLS 1.1, and to enable TLS 1.2 as a mandatory requirement.</font><p><font size="2" face="Symbol">· </font><font size="2">The checks named </font><i><font size="2">“Set Deployment Method to Retail - IIS7”</font></i><font size="2"> (pcidss-6.3.b.1) and </font><i><font size="2">“Ensure 'passwordFormat' Credentials Element not set to Clear - IIS7”</font></i><font size="2"> (pcidss-8.2.1.a.7) are updated to correct the manual remediation steps in the description.</font></ul><br><font size="2">For MS SQL 2008 and MS SQL 2012:</font><ul><br><font size="2" face="Symbol">· </font><font size="2">PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified checklists.</font><p><font size="2" face="Symbol">· </font><font size="2">Existing checks are updated to contain PCI DSS v3.2 as the security standard source in the description.</font><p><font size="2" face="Symbol">· </font><font size="2">The measured values for </font><i><font size="2">“Verify that "Account Lockout Duration" is set to '30 minutes or more’”</font></i><font size="2"> (</font>pcidss-8.1.7)<font size="2">, which can be viewed in the BigFix console, analyses, and SCA reports are formatted for enhanced readability. The results now clearly present the desired system configuration setting, as specified by a check, against the actual setting on the endpoint.</font><p><font size="2" face="Symbol">· </font><font size="2">Some titles and descriptions are updated with the standardized format and extensions.</font><p><font size="2" face="Symbol">· </font><font size="2">Several checks are updated to improve the presentation of system exceptions and parameter handling.</font></ul><br><font size="2">For Windows Embedded POSReady 2009:</font><ul><br><font size="2" face="Symbol">· </font><font size="2">PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified checklists.</font><p><font size="2" face="Symbol">· </font><font size="2">Existing checks are updated to contain PCI DSS v3.2 as the security standard source in the description.</font><p><font size="2" face="Symbol">· </font><font size="2">Some titles and descriptions are updated with the standardized format and extensions.</font><ul><br></ul></ul><b><font size="2">Published Site:</font></b><font size="2"><br>PCI DSS Checklist for MS IIS, version 6<br>PCI DSS Checklist for MS SQL 2008, version 7<br>PCI DSS Checklist for MS SQL 2012, version 8<br>PCI DSS Checklist for Windows Embedded POSReady 2009, version 4</font><p><i><font size="2">*The site version is provided for air-gap customers.</font></i><p><p><b><font size="2">Actions to Take:</font></b><p><font face="Symbol">· </font><font size="2">If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see </font><a href="https://ibm.biz/Bd4LBt"><u><font size="2" color="#0082BF">https://ibm.biz/Bd4LBt</font></u></a><font size="2">.</font><br><font face="Symbol">· </font><font size="2">If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and you are using IBM BigFix version 9.0 and later.</font><br><font face="Symbol">· </font><font size="2">If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail.</font><ul><ul></ul></ul><br><b><font size="2">More information:</font></b><font size="2"><br>To view the announcement on the PCI DSS v3.2 support for Windows 2008, Windows 2012, Windows 7, Windows Embedded POSReady 7, and Windows Embedded Standard 7, click here:</font><font face="Calibri"> </font><a href="https://ibm.biz/BdrFiu"><u><font size="2" color="#0082BF">https://ibm.biz/BdrFiu</font></u></a><font size="2">.</font><br><br><font size="2">Please note that PCI DSS v3.2 support for the existing PCI checklists for other supported platforms will be available soon. Stay tuned for future announcements.</font><br><br><font size="2">To know more information about the IBM BigFix Compliance SCM checklists, see:</font><br><br><b><font size="2">IBM BigFix Compliance PCI Add-on User's Guide</font></b><font size="2"> in the BigFix developerWorks wiki: </font><a href="https://ibm.biz/BdrBtk"><u><font size="2" color="#0082BF">https://ibm.biz/BdrBtk</font></u></a><br><br><b><font size="2">IBM developerWorks:</font></b><font size="2"> </font><a href="https://ibm.biz/BdFiGQ"><u><font size="2" color="#0082BF">https://ibm.biz/BdFiGQ</font></u></a><br><br><b><font size="2">SCM Checklist Deployment: </font></b><a href="https://ibm.biz/BdrBtU"><u><font size="2" color="#0082BF">https://ibm.biz/BdrBtU</font></u></a><br><br><b><font size="2">IBM Blog for Checklist Release Announcement: </font></b><a href="https://ibm.biz/BdrBt5"><u><font size="2" color="#0082BF">https://ibm.biz/BdrBt5</font></u></a><br><br><b><font size="2">BigFix forums:</font></b><font size="2"> </font><a href="https://forum.bigfix.com/"><u><font size="2" color="#0082BF">https://forum.bigfix.com/</font></u></a><br><br>
<p><font size="2">We hope you find this latest release of SCM content useful and effective. Thank you!</font><p><p><i><font size="2"> -- The IBM BigFix Compliance PCI Add-on team</font></i><BR>
</body></html>