IBM BigFix Compliance PCI Add-on: New PCI DSS Policy reporting capability in BigFix Compliance Analytics V1.9 published 2016-12-13

Product:
IBM BigFix Compliance PCI Add-on

Title:
New PCI DSS Policy reporting in BigFix Compliance Analytics V1.9

Category:
Updated PCI DSS checklist

Published Benchmark:
Payment Card Industry Data Security Standard v3.2

Details:

  • BigFix Compliance Analytics V1.9 introduces a new policy compliance reporting capability that allows more effective analysis and reporting of the different security configuration policies. For the official announcement of BigFix Compliance Analytics V1.9, see Compliance Release announcements (https://forum.bigfix.com/c/release-announcements/compliance).

  • Based on the new BigFix Compliance Analytics V1.9 policy reporting capability, BigFix Compliance PCI Add-on now provides the PCI DSS Reporting site to generate the policy reports representing specific PCI DSS Requirement or Milestone views. This site contains the metadata files required for the creation of the PCI DSS policy report views based on the check results evaluated at each endpoint. The PCI DSS Reporting site can be easily enabled on the BigFix console.

  • The improved PCI DSS Requirements and Milestones based reports provide several benefits:

      • The PCI DSS compliance posture reporting is separate from the Compliance SCM policy compliance reporting, which is based on other security benchmarks such as CIS, DISA STIG, and USGCB.

      • Easy drill-down from the PCI DSS Requirement or Milestone reporting view to get more details of the compliance results for each checklist and individual checks.

      • Compliance Managers and IT Managers can use the Milestone view during early PCI DSS adoption to evaluate compliance progress and prioritize actions.

      • Compliance Managers can use the Requirements view to assess compliance status against specific PCI DSS requirements and prepare for audit.

      • IT Managers can use the compliance data for specific endpoints when assigning personnel to run remediation actions on non-compliant checks.

Published Site:
PCI DSS Reporting, version 1
*The site version is provided for air-gap customers.

Actions to Take:

  • Enable the PCI DSS Reporting site from the License Overview dashboard. Computer subscription to this site is not required.
  • Create a custom site for each external PCI DSS site. Subscribe endpoints to only the custom sites that are applicable.
  • Configure the API connection from BigFix Compliance Analytics to add a data source for viewing information about the database on which the compliance data is based.
    Note: More information about these actions is provided in the “Setting up the PCI DSS Policy Reports” section of the BigFix Compliance PCI Add-on User’s Guide at https://ibm.biz/BdsyAm.

More information:
For more information about the IBM BigFix Compliance PCI DSS checklists, see:

We hope you find this latest release of PCI DSS content useful and effective.

Thank you!
– The IBM BigFix Compliance PCI Add-on team