IBM BigFix Compliance PCI Add-on
Security Configuration Management (SCM)
The IBM BigFix Compliance team has updated the content for various Payment Card Industry Data Security Standard (PCI DSS) checklists to enhance usability and improve customer experience.
Updated Sites:
PCI DSS Checklist for MS IIS, version 4
PCI DSS Checklist for MS SQL 2008, version 5
PCI DSS Checklist for MS SQL 2012, version 6
PCI DSS Checklist for RHEL 5, version 2
PCI DSS Checklist for RHEL 6, version 4
PCI DSS Checklist for RHEL 7, version 3
PCI DSS Checklist for Windows 2008, version 5
PCI DSS Checklist for Windows 2012, version 6
PCI DSS Checklist for Windows Embedded POSReady 2009, version 3
*Site versions are provided for air-gap customers.
Changelist:
- Supplemental reports based on the PCI DSS Requirements and Milestones Reporting are made available. BigFix provides an installation task to enable the additional reports by using custom sites. The installer is available in the PCI DSS Checklist for Windows 2012 and PCI DSS Checklist for RHEL 6 sites.
- Some titles and descriptions were updated with the standardized format and extensions.
- Fixlet metadata were updated to contain unique identifiers to improve synchronization between external and custom sites. Note: You must create a new custom checklist and import the latest content from the external site to the custom site.
- Fixlets were updated to support Unicode character, which enables consistent encoding, representation, and handling of text across systems and settings of local pages.
Actions to Take:
-
If you use custom sites, ensure that you use the updated content in your custom sites. Delete the old custom checklist and create a new one with the updated content from the external sites.
-
To access the PCI DSS Requirements and Milestones Reporting, you must complete the installation steps described in BigFix Compliance Add-on Requirements and Milestones Reporting Guide.
-
If you have not subscribed to any of the sites above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and you are using IBM BigFix version 9.0 and later.
-
If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe
from the beta sites, the content in the production sites will fail.
Documentation Resources:
To know more about IBM BigFix Compliance PCI Add-on, see the IBM BigFix Compliance PCI Add-on User’s Guide.
For detailed information about the supplemental reports based on the PCI DSS Requirements and Milestones, see BigFix Compliance Add-on Requirements and Milestones Reporting Guide from the IBM BigFix devWorks wiki.
We hope you find this latest release of SCM content useful and effective. Thank you!
– The IBM BigFix Compliance team