Welcome
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Using checks and checklists
The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
Viewing check Fixlets from the HCL BigFix console
A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.

BigFix Documentation Homepage
BigFix 10 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
  - Viewing check Fixlets from the HCL BigFix console
    A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.
  - Viewing checks from BigFix Compliance Analytics
    The compliance status of each PCI DSS check and checklist is calculated by BigFix Compliance Analytics during a periodic Extract Transform and Load (ETL) process.
  - Creating custom checklists
    Create custom copies of the PCI DSS content if you want to modify the checks based on a specific corporate policy. You can manually create a custom site to host the PCI DSS checklists or use the Create Custom Checklist wizard to create copies of the PCI DSS checklists and save them in a custom site.
  - Modifying check parameters
    In addition to monitoring compliance status and remediating settings that are out of compliance, you can also modify the values for the defined configuration settings according to company policies.
  - Remediating configuration settings
    The PCI DSS checklists support remediation. Console operators can resolve a vulnerability issue with a single action. A remediation action can only be taken on an endpoint where the Fixlet is relevant.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Middleware Application Patching
BigFix Remediate
BigFix MCM

Viewing check Fixlets from the HCL BigFix console

A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.

Before you begin

Subscribe to the PCI DSS Fixlet sites to gain access to the check Fixlets.

About this task

Complete the following steps to view the check Fixlets in the HCL BigFix Console after subscribing and gathering the site content.

Procedure

From the Security Configuration domain, click All Security Configuration > Sites > External Sites.
Expand a checklist.
Click Fixlets and Tasks. The Fixlets and Tasks section opens.
Click one of the Fixlets displayed in the list.
The Fixlet opens with the following tabs: Description, Details, Applicable Computers, and Action History.
Click the Description tab to view the text that describes the Fixlet.
The Fixlet is applicable to a subset of endpoints on your network. The size of that subset is shown in the Applicable Computers tab.
A Fixlet typically has a description of the check appended with the rationale and guidelines of the actions for remediation. If the Fixlet is relevant, you must take an action listed in the Remediation section of the description to remediate the noncompliance. You can also access the associated analysis from the description.
Note: The Check ID refers to the Source ID of the Fixlet.
If you are using any of the checklists that contains Deploy and Run Task or Environment Setup Task, run the Environment Setup Task or Deploy and Run Task.

Note: Run the Environment Setup Task periodically to gather the latest results. For more information about this task, see Configuring endpoints.