Product:
IBM BigFix Compliance PCI Add-on
Title:
Updated PCI DSS Checklist for Solaris 11 site for various enhancements
Category:
Updated PCI DSS checklist
Published Benchmark:
Payment Card Industry Data Security Standard v3.2
Details:
The IBM BigFix Compliance PCI Add-on team has updated the PCI DSS Checklist for Solaris 11 for the following enhancements:
- Improved accuracy and correctness of the manual remediation steps for the following checks:
- Verify that “Ignore ICMP Redirect Messages” is set to enabled (pcidss-1.4.b.1)
- Verify that “Strict Multihoming” is set to enabled (pcidss-1.4.b.2)
- Verify that “ICMP Redirect Messages” is set to disabled (pcidss-1.4.b.3)
- Verify that “Stack Protection” is enabled (pcidss-2.2.4.c.2)
- Verify that password expiration parameters on active accounts is configured (pcidss-8.2.4.a)
- Improved relevancy to enable correct compliance reporting for the following checks:
- Verify that home directories defined in /etc/passwd exists (pcidss-2.2.2.a.12)
- Verify that “SSH MaxAuthTries” is set to 4 or less (pcidss-2.2.4.c.5)
- Corrected the action that automatically remediates a noncompliant setting for the Fixlet “Verify that warning banner is set for SSH service” (pcidss-6.5.5.2).
Published Sites:
PCI DSS Checklist for Solaris 11 site, version 2
*The site version is provided for air-gap customers
Actions to Take:
If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
More information:
To know more information about the IBM BigFix Compliance PCI DSS checklists, see:
- IBM BigFix Compliance PCI Add-on User’s Guide in Knowledge Center: https://ibm.biz/BdrWCq
- IBM BigFix Wiki: https://ibm.biz/BdrBtk
- Release Announcements in the IBM BigFix Forum: https://ibm.biz/Bdsspw
We hope you find this latest release of PCI DSS content useful and effective.
Thank you!
– The IBM BigFix Compliance PCI Add-on team