IBM BigFix Compliance PCI Add-on: Updated PCI DSS Checklist for RHEL 7 (v4) published 2016-06-29

The IBM BigFix Compliance PCI Add-on team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) checklist for RHEL 7 to support remediation and provide other enhancements. Details are as follows:

  • Remediation is supported for the PCI DSS Checklist for RHEL 7 site. This feature allows console operators to resolve a vulnerability issue with a single action.

  • The measured values for each RHEL 7 check, which can be viewed in the BigFix console, analyses, and SCA reports, are formatted for enhanced readability. The results now clearly present the desired system configuration setting, as specified by a check, against the actual setting on the endpoint.

  • The checks named “Verify that the “xfs” service is Disabled” (pcidss-2.2.2.a.30.6) and “Verify User/group owner and permissions are set on /etc/anacrontab” (pcidss-7.2.2.6) are removed from the checklist because they are not applicable.

  • The check named “Create and Set Permissions on rsyslog Log Files” (pcidss-7.2.2.22.6) is a duplicate of another check and is removed from the checklist.

Published Benchmark:
Payment Card Industry Data Security Standard v3.1

Published Site:
PCI DSS Checklist for RHEL 7, version 4
*The site version is provided for air-gap customers.

Actions to Take:

  • If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.

  • If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and must be using IBM BigFix version 9.0 or later.

  • If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid conflicts with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail.

More information:
For more information about the IBM BigFix Compliance SCM checklists, see:

IBM BigFix Compliance PCI Add-on User’s Guide in the BigFix developerWorks wiki: https://ibm.biz/BdrBtk.

IBM developerWorks: https://ibm.biz/BdFiGQ

SCM Checklist Deployment: https://ibm.biz/BdrBtU

IBM Blog for Checklist Release Announcement: https://ibm.biz/BdrBt5

BigFix forums: https://forum.bigfix.com/

We hope you find this latest release of SCM content useful and effective. Thank you!

– The IBM BigFix Compliance PCI Add-on team