IBM BigFix Compliance PCI Add-on: Updated PCI DSS Checklist for Windows 2008 published 2016-05-31

IBM BigFix Compliance PCI Add-on
Security Configuration Management (SCM)

The IBM BigFix Compliance team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) checklist for Windows 2008. See details below.

Updated Site:
PCI DSS Checklist for Windows 2008, version 6

*The site version is provided for air-gap customers.

Changelist:

  • The checks “Verify that Administrator account on the system is set to Disabled” (pcidss-2.1.b.3) and “Verify that Guest account on the system is set to Disabled” (pcidss-2.1.b.4) are updated to resolve APAR IV85006 - Long Evaluation Cycle Time.
  • The check named “Verify that “Interactive Logon: Do not require CTRL+ALT+DEL” is set to Disabled” (pcidss-8.2_0.5) is updated because its desired value was incorrect.
  • The check named “Verify that “Audit Policy: DS Access: Directory Service Changes” for Enterprise Domain Controller is set to Success” (pcidss-10.2.2_6.1) is removed because Domain Controller is not supported.
  • The source IDs for the following checks are renumbered:
    – Verify that “Local Policy: Debug programs” is set to Administrators
    Source ID pcidss-7.2.3_5 is updated to pcidss-7.2.2_59.
    – Verify that “Local Policy: Deny log on locally” is set to Guests
    Source ID pcidss-7.2.3_6 is updated to pcidss-7.2.2_60.

Actions to Take:

  • If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
  • If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and be using IBM BigFix version 9.0 or later.
  • If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail.

Documentation Resources:
To learn more about IBM BigFix Compliance PCI Add-on, see the IBM BigFix Compliance PCI Add-on User’s Guide.

We hope you find this latest release of SCM content useful and effective. Thank you!

– The IBM BigFix Compliance team