Welcome
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Understanding the results in BigFix Compliance Analytics
Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
Viewing PCI DSS compliance results
This section shows how you can view the results of PCI DSS compliance at a checklist, checks, and check results levels.
Viewing reports on BigFix Compliance Analytics V2.0 and later
Viewing the Checks List report
The Checks List report shows the list of checks available in a policy checklist.

BigFix Documentation Homepage
BigFix 11 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
  - Starting BigFix Compliance Analytics
    Use any of the supported web browsers to open the web-based application.
  - Importing data to BigFix Compliance Analytics
    Depending on your configuration, the Extract Transform and Load (ETL) process that computes the compliance status of each check and checklist could take a long time. To ensure that you are viewing the latest reports, verify that the imports are configured to run automatically and that a recent import has completed successfully.
  - Viewing reports from BigFix Compliance Analytics
    BigFix Compliance Analytics displays reports that contain the compliance status of your deployment. Each PCI DSS checklist and its checks are exported periodically into Compliance Analytics.
  - Viewing PCI DSS compliance results
    This section shows how you can view the results of PCI DSS compliance at a checklist, checks, and check results levels.
    - Viewing reports on BigFix Compliance Analytics V2.0 and later
      - Viewing the Overview report
        Starting from BigFix Compliance Analytics V2.0 and later, the home page defaults to the Overview report that provides a graphical representation of the Policy History, Computers by Policy Quartile, and Check Results History for all PCI DSS Policies.
      - Viewing the Policy View List report
        The Policy View List report shows a list of policies that provide the cumulative state aggregated on the level of a specific PCI DSS requirement or milestone. Results from the Requirements and Milestones reports include summary views at the home page or on the computer level.
      - Viewing the Policy View Overview report
        The Policy Overview report shows information about a single policy and overall, historical compliance for the policy as applied to all computers visible to logged in users.
      - Viewing the Policy Checklist List report
        A policy checklist is based on the policy views or compliance approaches that are made available in BigFix Compliance Analytics V2.0.9. It contains a collection of checks that may belong to multiple PCI DSS checklists or sites.
      - Viewing the Policy Checklist Overview report
        The Policy Checklist Overview report shows information about a single policy checklist, which may contain checks from multiple PCI DSS checklists or sites. It includes information such as the quantity of checks in the policy checklist, and the overall, historical aggregate compliance for the policy checklist as applied to all computers visible to logged in users.
      - Viewing the Checks List report
        The Checks List report shows the list of checks available in a policy checklist.
      - Viewing the Checks Overview report
        The Checks Overview report shows detailed information about a check, such as the source information, description, and remediation steps. It also contains overall, historical aggregate compliance of the check as evaluated by all computers visible to logged in users.
      - Viewing the Check Results List report
        The Check Results List report shows the checklist, check name, computer name, the date when the results were last seen, and the level of compliance. It provides the attributes of each computer and check, and the historical compliance result for each check on each computer.
    - Viewing custom reporting on BigFix Compliance Analytics V1.8 and earlier
  - Creating exceptions
    You can file for the endpoint to be excluded from the PCI DSS checks if some endpoints require compliance to older policies or standards.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Linux and Windows applications - middleware
Traditional BigFix Patch content focuses on a limited set of vendors with a specialty in operating system and security patching. The Updates for Linux Applications – middleware and Updates for Windows Applications – middleware content site provides coverage for upgrades to a growing list of third-party applications. This expansion helps you fill gaps in proactive patching processes.
BigFix Remediate
BigFix MCM
Middleware Application Patching (Windows & Linux)

Viewing the Checks List report

The Checks List report shows the list of checks available in a policy checklist.

In the following figure, the Policy Checklist Overview report shows that there are 336 checks available in the PCI DSS Requirement 2 checklist. To view these checks in detail, drill down to the checks by clicking on the link.

Number of available checks in a checklist — Figure 1. Number of available checks in a checklist

You can also access the Check List report from the Policy List report by the Report View drop-down list, which is highlighted in the following figure. This method allows you to view all the checks for a policy view, as well as to drill down to a particular checklist and then view its checks.

Drop-down option to change report views from the Policy List Report — Figure 2. Policy List Report

The Checks report shows the list of checks in the given scope together with the attributes of each check and the overall, historical aggregate compliance results (the aggregate of all visible computer's pass and fail score) of each check. To see the direct reference to a standard, you can configure the report view to display the Source ID.

Drop-down option to change report views from the Policy List Report — Figure 3. List of checks

Alternatively, you can access the overall Checks List report from the Overview report in the home page. You can then filter the checks according to your preference.

Overview report with the highlighted Checks link — Figure 4. Overview report with the highlighted Checks link