Looking for PCI Compliance information

Hello. I am new to BigFix, and we are in the design stage. We have credit transactions in our stores, and we have in the past disabled two-way communication between the Point of Sale device and the local server, leaving the POS device to “Pull” or check for new tasks. We want to use IEM in the out-of-the-box design. However, I need to show how these devices can have 2-way communication while still remaining PCI compliant.

Does anyone have any information they can share that can help me show the Security Team that it can be PCI Compliant?

You can use what is called “Command Polling” which will make it so the endpoint will query on its own for changes on a periodic standpoint and thus doesn’t require any ports open to get to it. Is that what you mean?

http://www-01.ibm.com/support/docview.wss?uid=swg21505846

1 Like

Well, we want to use BigFix with the “Out of the Box” mentality. Don’t really want to customize anything. I just need fuel to back up how we can achieve PCI Compliance with BigFix in a Point of Sale environment.

What I mentioned isn’t exactly custom. It’s merely a setting. If the default behaviour of BigFix isn’t what you need, then it’s fairly trivial to lock it down in many ways.

What makes it not “PCI Compliant”? I don’t know what you are referring to here.

We are a PCI-DSS house, and we do not have this as a requirement in PCI 2.0 or 3.0. We currently have 1270 locations and process a large number of credit and debit transactions per day. I would be more than happy to share with you what we did. Message me on here and I will send you my contact information.

2 Likes

Thanks for your responses, everyone. AlanM, we will start with “Command Polling” for now, until we can get the native communication approved.

Andres

Andres, I forgot to give you this as well… With the release of PCI-DSS v3.1 that went into effect on January 1, 2015, SSL v3.0 was superseded by TLS. The BESAdmin tool gives you the ability to Enable Enhanced Security (Security tab on the BESAdmin Tool). This option will allow you to use TLS 1.2…

Here is a post from the IBM Knowledge Center that you might want to read through and present to your security team. The article is for lifecycle management, but worth a glance through.

http://www-01.ibm.com/support/knowledgecenter/SS63NW_9.1.0/com.ibm.tem.doc_9.1/Platform/Adm/c_scenarios_sha2_installation.html%23c_creating_the_action_site_masth

Just thought I should mention that.
/salute