PCI DSS policies
BigFix Compliance Analytics V2.0.9 releases a new policy reporting capability, which provides an aggregated view of compliance from a PCI DSS Requirement or PCI DSS Milestone report perspective.
Policy Report Name | Description |
---|---|
PCI DSS Milestones View |
The PCI DSS Milestones View contains checklists that are based on the PCI DSS Milestone. It retrieves compliance data results from the endpoints that are subscribed to the custom copy of the PCI DSS external sites and displays the aggregated data in a single view. This reporting view can help identify the level of compliance for each system within an entire organization based on the PCI DSS milestones. This view is based on the Prioritized Approach for PCI DSS document and can be useful for early PCI DSS adoption or prioritization of remediation actions. Compliance Managers and organizations can run an early assessment, such as the beginning of the PCI DSS implementation, on the remediation actions that they would need to take on noncompliance high risk systems. This view also allows IT Managers to map compliance data to specific computers and assign corresponding personnel to run remediation actions on a system with non-compliant checks. They also use this reporting view to help them decide on the work prioritization for IT operators. You must enable the PCI DSS Reporting site from the License Overview dashboard in the BigFix console to use this policy view. |
PCI DSS Requirements View |
The PCI DSS Requirements View contains checklists that are based on each PCI DSS Requirement. It retrieves compliance data results from the endpoints that are subscribed to the custom copy of the PCI DSS external sites and displays the aggregated data in a single view. This reporting view can help identify the level of compliance for each system within an entire organization based on the PCI DSS requirement. This view is based on the Requirements and Security Assessment Procedures document and can be useful for Compliance Managers in preparing for an audit. You must enable the PCI DSS Reporting site from the License Overview dashboard in the BigFix console to use this policy view. |
PCI DSS Checklists |
The PCI DSS Checklists view contains custom PCI DSS checklists only. It retrieves compliance data results from the endpoints that are subscribed to the custom copy of the PCI DSS external sites and displays the aggregated data in a single view. This reporting view can help Compliance Managers identify the level of compliance for each system within an entire organization based on the overall PCI DSS checklist. It can help also IT Managers to map compliance data to specific computers and assign corresponding personnel to run remediation actions on a system with non-compliant checks. You must enable the PCI DSS Reporting site from the License Overview dashboard in the BigFix console to use this policy view. |
SCM Checklists |
The SCM Checklists view contains all SCM checklists, including the out-of-the-box checklists for PCI DSS. This reporting view shows the compliance results of the endpoints that are subscribed to the PCI DSS external sites and non-PCI DSS related external and custom sites. This reporting view is available to allow users, who do not have license to the BigFix Compliance PCI Add-on offering, to use the Policy feature in BigFix Compliance version 2.0 and later. Therefore, it is not dependent on the PCI DSS Reporting site. |
Sample reports can be found in Viewing reports on BigFix Compliance Analytics V2.0 and later.