IBM BigFix Compliance PCI Add-on: Updated PCI DSS Checklist for Windows 2008 published 2016-09-14

Product:
IBM BigFix Compliance PCI Add-on

Title:
Updated PCI DSS Checklist for Windows 2008 with improved data presentation

Category:
Updated PCI DSS Checklist

Published Benchmark:
Payment Card Industry Data Security Standard v3.2

Details:
The IBM BigFix Compliance PCI Add-on team has updated the content of the PCI DSS checklist for Windows 2008 to improve the data presentation. Details are as follows:

  • The measured values for each check, which can be viewed in the BigFix console, analyses, and SCA reports are formatted for enhanced readability. The results now clearly present the desired system configuration setting, as specified by a check, against the actual setting on the endpoint.
  • Some titles and descriptions of the checks are updated with the standardized format and extensions.

The PCI DSS checklist for Windows 2008 also contains the following additional checks:

  • Verify that “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” on Windows 2008 R2 is set to ‘prompt for credentials on the secure desktop’ (pcidss-7.2.2_43.3)
  • Verify that “Bypass traverse checking” on Windows 2008 is set to ‘Authenticated Users, Network Service, Local Service, Administrators, Backup Operators’ (pcidss-7.2.2_6.3)
  • Verify that “Change the system time” is set to ‘Administrators, Local Service’ (pcidss-10.4.2.a_3)

Published Site:
PCI DSS Checklist for Windows 2008, version 9
*The site version is provided for air-gap customers.

Actions to Take:

  • If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
  • If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and you are using IBM BigFix version 9.2 and later.
  • If you were involved in the Beta / Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail.

More information:
To know more information about the IBM BigFix Compliance PCI DSS checklists, see:

We hope you find this latest release of PCI DSS content useful and effective.

Thank you!

– The IBM BigFix Compliance PCI Add-on team