Configuring miscellaneous settings
Configure several miscellaneous settings to meet various PCI DSS requirements.
- In the user interface, click the Administration tab.
- Locate the User Accounts section.
- Verify that your settings match or are more restrictive than those in Figure 1. The default values align with PCI DSS 4.0 requirements. If you make changes, ensure that you still meet the requirements.
- Click the Interfaces tab and scroll down to the Application Programming Interface section.
- Select the Cross-site request forgery protection checkbox. Make sure that Session timeout (seconds) is set to a value of 900 seconds (15 minutes) or less; PCI DSS 4.0 requirement 8.2.8 requires re-authentication after 15 minutes of inactivity, so a larger value fails that requirement.
Note: If you want to use the tested, secure default HTTP headers, ensure that Use custom HTTP headers is disabled.
- Scroll up to locate the Message Tracing section under Message Command Interface.
- Select Disabled from the Dump message data drop-down list. Enter 0 in the Dump malformatted message field.
Note: This setting is necessary to comply with PCI DSS requirement 3.5.1, which requires that PAN is rendered unreadable anywhere it is stored. A message dump writes message contents, potentially including cardholder data, in clear text to disk.
- Scroll down to locate the MQ Interface section.
- Select Disabled from the Dump message data drop-down list. Enter 0 in the Dump malformatted message field.
Note: This setting is necessary to comply with PCI DSS requirement 3.5.1 for the same reason.
- Scroll down to the Kafka Interface section.
- Select Disabled from the Dump message data drop-down list. Enter 0 in the Dump malformatted message field.
Note: This setting is necessary to comply with PCI DSS requirement 3.5.1 for the same reason.
- Click the Misc tab and scroll down to the Miscellaneous section.
- Verify that SSL cipher list has the following entries:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
Every entry in this list uses an ephemeral key exchange (ECDHE or DHE), which gives forward secrecy, and an AEAD cipher (AES-GCM or ChaCha20-Poly1305); no CBC, RC4, 3DES or NULL suites are included.
Note: This list might be outdated because new vulnerabilities may have been discovered since it was written. The OpenSSL website publishes regular security advisories, including information about newly discovered vulnerabilities; check them before relying on this list.
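The following script is an added example and is not code from the product or its documentation. It statically checks an OpenSSL-style cipher list, such as the SSL cipher list value above, and flags entries that lack forward secrecy, are not AEAD suites, or contain deprecated primitives. The policy it encodes (ECDHE/DHE key exchange, AES-GCM/ChaCha20/CCM only, a deny list of weak tokens) is the reviewer's own assumption of what "strong cryptography" means here; align it with your organisation's standard. The documented list is embedded as sample input so it runs offline.

```python
"""Static check of an OpenSSL-style cipher list for PCI DSS 'strong cryptography'.

Added example, not part of the product or its documentation. The policy
below is an assumption; adjust FORWARD_SECRET_KX, AEAD_TOKENS and WEAK_TOKENS
to match your own cryptographic standard.
"""
from __future__ import annotations

# The list from the documentation page, embedded so the check runs offline.
DOCUMENTED_CIPHER_LIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)

FORWARD_SECRET_KX = {"ECDHE", "DHE"}      # ephemeral key exchange = forward secrecy
AEAD_TOKENS = {"GCM", "CHACHA20", "CCM"}  # authenticated-encryption modes
# Primitives or suite classes that must never be negotiable in a PCI scope.
WEAK_TOKENS = {
    "NULL", "ANULL", "ENULL", "EXPORT", "EXP", "RC4", "RC2", "DES", "3DES",
    "CBC3", "IDEA", "SEED", "MD5", "ADH", "AECDH", "PSK", "SRP",
}


def check_suite(name: str) -> list[str]:
    """Return the policy violations for one suite name (empty list means OK)."""
    tokens = name.upper().split("-")
    problems: list[str] = []
    if tokens[0] not in FORWARD_SECRET_KX:
        problems.append("no forward secrecy (key exchange is not ECDHE/DHE)")
    if not AEAD_TOKENS & set(tokens):
        problems.append("not an AEAD suite (CBC/HMAC construction)")
    weak = sorted(WEAK_TOKENS & set(tokens))
    if weak:
        problems.append("deprecated primitive: " + ",".join(weak))
    return problems


def check_cipher_list(cipher_list: str) -> dict[str, list[str]]:
    """Evaluate every entry of a colon-separated OpenSSL cipher list.

    Returns {entry: problems} for entries that fail. Exclusions ('!X', '-X')
    and sort directives ('@STRENGTH') are skipped because they never add a
    negotiable suite. Bare aliases such as HIGH or DEFAULT cannot be evaluated
    statically, so they are reported for manual expansion with
    `openssl ciphers -v '<alias>'`.
    """
    findings: dict[str, list[str]] = {}
    for raw in cipher_list.split(":"):
        entry = raw.strip()
        if not entry or entry[0] in "!-@":
            continue
        entry = entry.lstrip("+")  # '+' only reorders a suite; still check it
        if "-" not in entry:
            findings[entry] = ["alias, expand with 'openssl ciphers -v' and review"]
            continue
        problems = check_suite(entry)
        if problems:
            findings[entry] = problems
    return findings


def is_strong_cipher_list(cipher_list: str) -> bool:
    """True only when every explicit suite in the list passes the policy."""
    return not check_cipher_list(cipher_list)


if __name__ == "__main__":
    # Constructed example of a weakened list, to show what the check reports.
    weakened = DOCUMENTED_CIPHER_LIST + ":AES128-SHA:RC4-MD5:HIGH"
    for entry, problems in check_cipher_list(weakened).items():
        print(f"{entry}: {'; '.join(problems)}")
    print("documented list passes:", is_strong_cipher_list(DOCUMENTED_CIPHER_LIST))
```

Run it against the value you pasted into the SSL cipher list field before and after any change; an empty result from `check_cipher_list` means no explicit suite violates the policy. Two caveats: the check is purely syntactic, so it cannot tell you whether the linked OpenSSL build actually supports a suite (use `openssl ciphers -v '<list>'` on the server for that), and in OpenSSL a cipher list of this form governs TLS 1.2 and earlier only; TLS 1.3 suites are configured through a separate ciphersuites setting, which this page does not cover.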