IBM BigFix Compliance PCI Add-on
Updated PCI DSS Checklist for Solaris 11 site for various enhancements
Updated PCI DSS checklist
Payment Card Industry Data Security Standard v3.2
The IBM BigFix Compliance PCI Add-on team has updated the PCI DSS Checklist for Solaris 11 for the following enhancements:
- Improved accuracy and correctness of the manual remediation steps for the following checks:
- Verify that "Ignore ICMP Redirect Messages" is set to enabled (pcidss-1.4.b.1)
- Verify that "Strict Multihoming" is set to enabled (pcidss-1.4.b.2)
- Verify that "ICMP Redirect Messages" is set to disabled (pcidss-1.4.b.3)
- Verify that "Stack Protection" is enabled (pcidss-2.2.4.c.2)
- Verify that password expiration parameters on active accounts is configured (pcidss-8.2.4.a)
- Improved relevancy to enable correct compliance reporting for the following checks:
- Verify that home directories defined in /etc/passwd exists (pcidss-2.2.2.a.12)
- Verify that "SSH MaxAuthTries" is set to 4 or less (pcidss-2.2.4.c.5)
- Corrected the action that automatically remediates a noncompliant setting for the Fixlet "Verify that warning banner is set for SSH service" (pcidss-18.104.22.168).
PCI DSS Checklist for Solaris 11 site, version 2
*The site version is provided for air-gap customers
Actions to Take:
If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt.
To know more information about the IBM BigFix Compliance PCI DSS checklists, see:
We hope you find this latest release of PCI DSS content useful and effective.
-- The IBM BigFix Compliance PCI Add-on team