
PCI DSS 4.0 – Requirements

Control Description | Support | AIE Rules/Alerts | Investigations | Reports

1.1.1.a: Examine documented procedures to verify there is a formal process for testing and approval of all:

- Network connections and

- Changes to firewall and router configurations

Augment

N/A

CCF: Configuration/Policy Change Detail

CCF: Configuration/Policy Change Summary

CCF: Configuration/Policy Change Details

1.1.6.a: Verify that firewall and router configuration standards include a documented list of all services, protocols and ports, including business justification and approval for each.

Augment

N/A

CCF: Network Communication Detail

CCF: Non-Encrypted Protocol Summary

CCF: Non-Encrypted Protocol Details

1.1.6.b: Identify insecure services, protocols, and ports allowed; and verify that security features are documented for each service.

Direct

N/A

CCF: Network Communication Detail

CCF: Non-Encrypted Protocol Summary

CCF: Non-Encrypted Protocol Details

1.2.1.a: Examine firewall and router configuration standards to verify that they identify inbound and outbound traffic necessary for the cardholder data environment.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Denied Wireless => CDE Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Denied Internet => DMZ Comm Detail

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: DMZ Communication Detail

CCF: Internet Communication Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid DMZ => Internal Comm Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: Invalid Internet => DMZ Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Inet => Intrn Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: Invalid Internet => DMZ Comm Details

CCF: Invalid Test => Internet Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

1.2.1.b: Examine firewall and router configurations to verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Denied Wireless => CDE Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Denied Internet => DMZ Comm Detail

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: DMZ Communication Detail

CCF: Internet Communication Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid DMZ => Internal Comm Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: Invalid Internet => DMZ Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: Invalid Test => Internal Comm Summary


CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Inet => Intrn Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: Invalid Internet => DMZ Comm Details

CCF: Invalid Test => Internet Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

1.2.1.c: Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Denied Wireless => CDE Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Denied Internet => DMZ Comm Detail

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: DMZ Communication Detail

CCF: Internet Communication Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid DMZ => Internal Comm Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: Invalid Internet => DMZ Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Inet => Intrn Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: Invalid Internet => DMZ Comm Details

CCF: Invalid Test => Internet Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

1.2.2.a: Examine router configuration files to verify they are secured from unauthorized access.

Augment

CCF: Firewall Policy Synch Information AIE Rule

CCF: Firewall Policy Synch Failure Detail

CCF: AIE Firewall Policy Synch Summary

CCF: Firewall Policy Synch Activity Summary

CCF: AIE Firewall Policy Synch Details

CCF: Firewall Policy Synch Activity Details

1.2.2.b: Examine router configurations to verify they are synchronized. For example, the running (or active) configuration matches the start-up configuration (used when machines are booted).

Augment

CCF: Firewall Policy Synch Information AIE Rule

CCF: Firewall Policy Synch Failure Detail

CCF: AIE Firewall Policy Synch Summary

CCF: Firewall Policy Synch Activity Summary

CCF: AIE Firewall Policy Synch Details

CCF: Firewall Policy Synch Activity Details

1.2.3.b: Verify that the firewalls deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.

Augment

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Internet Communication Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Invalid Inet => Intrn Comm Details

1.3.1: Examine firewall and router configurations to verify that a DMZ is implemented to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.

Augment

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Internet Communication Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Invalid Inet => Intrn Comm Details

1.3.2: Examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ.

Augment

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Internet Communication Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Invalid Inet => Intrn Comm Details

(PCI 3.1 - 1.3.3): Examine firewall and router configurations to verify direct connections inbound or outbound are not allowed for traffic between the Internet and the cardholder data environment.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Denied Internet => DMZ Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: DMZ Communication Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid DMZ => Internal Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: Invalid Internet => DMZ Comm Summary


CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: Invalid Internet => DMZ Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

1.3.3 (PCI 3.1 - 1.3.4): Examine firewall and router configurations to verify that anti-spoofing measures are implemented. For example, internal addresses cannot pass from the Internet into the DMZ.

Augment

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: DMZ Communication Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Internet => DMZ Comm Summary

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Internet => DMZ Comm Details

1.3.4 (PCI 3.1 - 1.3.5): Examine firewall and router configurations to verify that outbound traffic from the cardholder data environment to the Internet is explicitly authorized.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Network Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

1.4.a: Examine policies and configuration standards to verify:

- Personal firewall software or equivalent functionality is required for all portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE.

- Specific configuration settings are defined for personal firewall (or equivalent functionality).

- Personal firewall (or equivalent functionality) is configured to actively run.

- Personal firewall (or equivalent functionality) is configured to not be alterable by users of the portable computing devices.

Augment

CCF: Host Firewall Information AIE Rule

CCF: Host Firewall Failure Detail

CCF: AIE Host Firewall Activity Summary

CCF: Host Firewall Activity Summary


CCF: AIE Host Firewall Activity Details

CCF: Host Firewall Activity Details

2.1.a: Choose a sample of system components, and attempt to log on (with system administrator help) to the devices and applications using default vendor-supplied accounts and passwords, to verify that ALL default passwords (including those on operating systems, software that provides security services, application and system accounts, POS terminals, and Simple Network Management Protocol (SNMP) community strings) have been changed. (Use vendor manuals and sources on the Internet to find vendor-supplied accounts/passwords.)

Direct

CCF: Invalid Account Usage AIE Rule

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

2.1.b: For the sample of system components, verify that all unnecessary default accounts (including accounts used by operating systems, security software, applications, systems, POS terminals, SNMP, etc.) are removed or disabled.

Direct

CCF: Invalid Account Usage AIE Rule

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

2.2.2.a: Select a sample of system components and inspect enabled system services, daemons, and protocols to verify that only necessary services or protocols are enabled.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Denied Intrn => Inet Comm AIE Rule

CCF: Denied Intrn => Intrn Comm AIE Rule

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Denied Wireless => CDE Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: Invalid Intrn => Inet Comm AIE Rule

CCF: Invalid Intrn => Intrn Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: Invalid Wireless => CDE Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Denied Internet => DMZ Comm Detail

CCF: AIE Denied Intrn => Inet Comm Detail

CCF: AIE Denied Intrn => Intrn Comm Detail

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Denied Test => Intern Comm Detail

CCF: AIE Denied Wireless => CDE Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: AIE Invalid Intrn => Inet Comm Detail

CCF: AIE Invalid Intrn => Intrn Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: AIE Invalid Test => Intrn Comm Detail

CCF: AIE Invalid Wless => CDE Comm Detail

CCF: Application Access Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: Denied Intrn => Inet Comm Detail

CCF: Denied Intrn => Intrn Comm Detail

CCF: Denied Test => Internal Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: Denied Wireless => CDE Comm Detail

CCF: DMZ Communication Detail

CCF: Internal Communication Detail

CCF: Internet Communication Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid DMZ => Internal Comm Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Invalid Intrn => Inet Comm Detail

CCF: Invalid Intrn => Intrn Comm Detail

CCF: Invalid Test => Internal Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Invalid Wireless => CDE Comm Detail

CCF: Network Communication Detail

CCF: Test Communication Detail

CCF: Wireless Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Denied Intrn => Inet Comm Summary

CCF: AIE Denied Intrn => Intrn Comm Summary

CCF: AIE Denied Test => Internal Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Denied Wireless => CDE Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: AIE Invalid Intrn => Inet Comm Summary

CCF: AIE Invalid Intrn => Intrn Comm Summary

CCF: AIE Invalid Test => Internal Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: AIE Invalid Wireless => CDE Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Denied Intrn => Inet Comm Summary

CCF: Denied Intrn => Intrn Comm Summary

CCF: Denied Test => Internal Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Denied Wireless => CDE Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: Invalid Internet => DMZ Comm Summary

CCF: Invalid Intrn => Inet Comm Summary

CCF: Invalid Intrn => Intrn Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: Invalid Wireless => CDE Comm Summary

CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Denied Intrn => Inet Comm Details

CCF: AIE Denied Intrn => Intrn Comm Details

CCF: AIE Denied Test => Internal Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: AIE Invalid Intrn => Inet Comm Details

CCF: AIE Invalid Intrn => Intrn Comm Details

CCF: AIE Invalid Test => Internal Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: AIE Invalid Wireless => CDE Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Denied Intrn => Inet Comm Details

CCF: Denied Intrn => Intrn Comm Details

CCF: Denied Test => Internal Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Denied Wireless => CDE Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Inet => Intrn Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: Invalid Internet => DMZ Comm Details

CCF: Invalid Intrn => Inet Comm Details

CCF: Invalid Intrn => Intrn Comm Details

CCF: Invalid Test => Internal Comm Details

CCF: Invalid Test => Internet Comm Details

CCF: Invalid Wireless => CDE Comm Details

2.2.2.b: Identify any enabled insecure services, daemons, or protocols and interview personnel to verify they are justified per documented configuration standards.

Augment

CCF: Denied CDE => Internet Comm AIE Rule

CCF: Denied DMZ => Internal Comm AIE Rule

CCF: Denied Inet => Intrn Comm AIE Rule

CCF: Denied Internet => CDE Comm AIE Rule

CCF: Denied Internet => DMZ Comm AIE Rule

CCF: Denied Intrn => Inet Comm AIE Rule

CCF: Denied Intrn => Intrn Comm AIE Rule

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Denied Wireless => CDE Comm AIE Rule

CCF: Invalid CDE => Internet Comm AIE Rule

CCF: Invalid DMZ => Internal Comm AIE Rule

CCF: Invalid Inet => Intrn Comm AIE Rule

CCF: Invalid Internet => CDE Comm AIE Rule

CCF: Invalid Internet => DMZ Comm AIE Rule

CCF: Invalid Intrn => Inet Comm AIE Rule

CCF: Invalid Intrn => Intrn Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: Invalid Wireless => CDE Comm AIE Rule

CCF: AIE Denied CDE => Internet Comm Detail

CCF: AIE Denied DMZ => Internal Comm Detail

CCF: AIE Denied Inet => Intrn Comm Detail

CCF: AIE Denied Internet => CDE Comm Detail

CCF: AIE Denied Internet => DMZ Comm Detail

CCF: AIE Denied Intrn => Inet Comm Detail

CCF: AIE Denied Intrn => Intrn Comm Detail

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Denied Test => Intern Comm Detail

CCF: AIE Denied Wireless => CDE Comm Detail

CCF: AIE Invalid CDE => Inet Comm Detail

CCF: AIE Invalid DMZ => Internal Comm Detail

CCF: AIE Invalid Inet => CDE Comm Detail

CCF: AIE Invalid Inet => DMZ Comm Detail

CCF: AIE Invalid Inet => Intrn Comm Detail

CCF: AIE Invalid Intrn => Inet Comm Detail

CCF: AIE Invalid Intrn => Intrn Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: AIE Invalid Test => Intrn Comm Detail

CCF: AIE Invalid Wless => CDE Comm Detail

CCF: Application Access Detail

CCF: CDE Communication Detail

CCF: Denied CDE => Internet Comm Detail

CCF: Denied DMZ => Internal Comm Detail

CCF: Denied Inet => Intrn Comm Detail

CCF: Denied Internet => CDE Comm Detail

CCF: Denied Internet => DMZ Comm Detail

CCF: Denied Intrn => Inet Comm Detail

CCF: Denied Intrn => Intrn Comm Detail

CCF: Denied Test => Internal Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: Denied Wireless => CDE Comm Detail

CCF: DMZ Communication Detail

CCF: Internal Communication Detail

CCF: Internet Communication Detail

CCF: Invalid CDE => Internet Comm Detail

CCF: Invalid DMZ => Internal Comm Detail

CCF: Invalid Inet => Intrn Comm Detail

CCF: Invalid Internet => CDE Comm Detail

CCF: Invalid Internet => DMZ Comm Detail

CCF: Invalid Intrn => Inet Comm Detail

CCF: Invalid Intrn => Intrn Comm Detail

CCF: Invalid Test => Internal Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Invalid Wireless => CDE Comm Detail

CCF: Network Communication Detail

CCF: Test Communication Detail

CCF: Wireless Communication Detail

CCF: AIE Denied CDE => Internet Comm Summary

CCF: AIE Denied DMZ => Internal Comm Summary

CCF: AIE Denied Inet => Intrn Comm Summary

CCF: AIE Denied Internet => CDE Comm Summary

CCF: AIE Denied Internet => DMZ Comm Summary

CCF: AIE Denied Intrn => Inet Comm Summary

CCF: AIE Denied Intrn => Intrn Comm Summary

CCF: AIE Denied Test => Internal Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Denied Wireless => CDE Comm Summary

CCF: AIE Invalid CDE => Internet Comm Summary

CCF: AIE Invalid DMZ => Internal Comm Summary

CCF: AIE Invalid Inet => Intrn Comm Summary

CCF: AIE Invalid Internet => CDE Comm Summary

CCF: AIE Invalid Internet => DMZ Comm Summary

CCF: AIE Invalid Intrn => Inet Comm Summary

CCF: AIE Invalid Intrn => Intrn Comm Summary

CCF: AIE Invalid Test => Internal Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: AIE Invalid Wireless => CDE Comm Summary

CCF: Denied CDE => Internet Comm Summary

CCF: Denied DMZ => Internal Comm Summary

CCF: Denied Inet => Intrn Comm Summary

CCF: Denied Internet => CDE Comm Summary

CCF: Denied Internet => DMZ Comm Summary

CCF: Denied Intrn => Inet Comm Summary

CCF: Denied Intrn => Intrn Comm Summary

CCF: Denied Test => Internal Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Denied Wireless => CDE Comm Summary

CCF: Invalid CDE => Internet Comm Summary

CCF: Invalid DMZ => Internal Comm Summary

CCF: Invalid Inet => Intrn Comm Summary

CCF: Invalid Internet => CDE Comm Summary

CCF: Invalid Internet => DMZ Comm Summary

CCF: Invalid Intrn => Inet Comm Summary

CCF: Invalid Intrn => Intrn Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: Invalid Wireless => CDE Comm Summary

CCF: AIE Denied CDE => Internet Comm Details

CCF: AIE Denied DMZ => Internal Comm Details

CCF: AIE Denied Inet => Intrn Comm Details

CCF: AIE Denied Internet => CDE Comm Details

CCF: AIE Denied Internet => DMZ Comm Details

CCF: AIE Denied Intrn => Inet Comm Details

CCF: AIE Denied Intrn => Intrn Comm Details

CCF: AIE Denied Test => Internal Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Denied Wireless => CDE Comm Details

CCF: AIE Invalid CDE => Internet Comm Details

CCF: AIE Invalid DMZ => Internal Comm Details

CCF: AIE Invalid Inet => Intrn Comm Details

CCF: AIE Invalid Internet => CDE Comm Details

CCF: AIE Invalid Internet => DMZ Comm Details

CCF: AIE Invalid Intrn => Inet Comm Details

CCF: AIE Invalid Intrn => Intrn Comm Details

CCF: AIE Invalid Test => Internal Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: AIE Invalid Wireless => CDE Comm Details

CCF: Denied CDE => Internet Comm Details

CCF: Denied DMZ => Internal Comm Details

CCF: Denied Inet => Intrn Comm Details

CCF: Denied Internet => CDE Comm Details

CCF: Denied Internet => DMZ Comm Details

CCF: Denied Intrn => Inet Comm Details

CCF: Denied Intrn => Intrn Comm Details

CCF: Denied Test => Internal Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Denied Wireless => CDE Comm Details

CCF: Invalid CDE => Internet Comm Details

CCF: Invalid DMZ => Internal Comm Details

CCF: Invalid Inet => Intrn Comm Details

CCF: Invalid Internet => CDE Comm Details

CCF: Invalid Internet => DMZ Comm Details

CCF: Invalid Intrn => Inet Comm Details

CCF: Invalid Intrn => Intrn Comm Details

CCF: Invalid Test => Internal Comm Details

CCF: Invalid Test => Internet Comm Details

CCF: Invalid Wireless => CDE Comm Details

2.2.3.a: Inspect configuration settings to verify that security features are documented and implemented for all insecure services, daemons, or protocols.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

2.2.3.b: If SSL/early TLS is used, perform testing procedures in Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

2.3.b: Review services and parameter files on systems to determine that Telnet and other insecure remote-login commands are not available for non-console access.

Augment

CCF: Denied Intrn => Inet Comm AIE Rule

CCF: Denied Intrn => Intrn Comm AIE Rule

CCF: Invalid Intrn => Inet Comm AIE Rule

CCF: Invalid Intrn => Intrn Comm AIE Rule

CCF: AIE Denied Intrn => Inet Comm Detail

CCF: AIE Denied Intrn => Intrn Comm Detail

CCF: AIE Invalid Intrn => Inet Comm Detail

CCF: AIE Invalid Intrn => Intrn Comm Detail

CCF: Application Access Detail

CCF: Denied Intrn => Inet Comm Detail

CCF: Denied Intrn => Intrn Comm Detail

CCF: Internal Communication Detail

CCF: Invalid Intrn => Inet Comm Detail

CCF: Invalid Intrn => Intrn Comm Detail

CCF: AIE Denied Intrn => Inet Comm Summary

CCF: AIE Denied Intrn => Intrn Comm Summary

CCF: AIE Invalid Intrn => Inet Comm Summary

CCF: AIE Invalid Intrn => Intrn Comm Summary

CCF: Denied Intrn => Inet Comm Summary

CCF: Denied Intrn => Intrn Comm Summary

CCF: Invalid Intrn => Inet Comm Summary

CCF: Invalid Intrn => Intrn Comm Summary

CCF: Non-Encrypted Protocol Summary

CCF: AIE Denied Intrn => Inet Comm Details

CCF: AIE Denied Intrn => Intrn Comm Details

CCF: AIE Invalid Intrn => Inet Comm Details

CCF: AIE Invalid Intrn => Intrn Comm Details

CCF: Denied Intrn => Inet Comm Details

CCF: Denied Intrn => Intrn Comm Details

CCF: Invalid Intrn => Inet Comm Details

CCF: Invalid Intrn => Intrn Comm Details

CCF: Non-Encrypted Protocol Details

2.3.e: If SSL/early TLS is used, perform testing procedures in Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

3.6.7.a: Verify that key-management procedures specify processes to prevent unauthorized substitution of keys.

Augment

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: FIM Group Change Activity AIE Rule

CCF: FIM Modify Activity AIE Rule

CCF: FIM Owner Change Activity AIE Rule

CCF: FIM Permission Activity AIE Rule

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

4.1.c: Select and observe a sample of inbound and outbound transmissions as they occur to verify that all cardholder data is encrypted with strong cryptography during transit.

Augment

CCF: Denied Intrn => Inet Comm AIE Rule

CCF: Denied Intrn => Intrn Comm AIE Rule

CCF: Invalid Intrn => Inet Comm AIE Rule

CCF: Invalid Intrn => Intrn Comm AIE Rule

CCF: AIE Denied Intrn => Inet Comm Detail

CCF: AIE Denied Intrn => Intrn Comm Detail

CCF: AIE Invalid Intrn => Inet Comm Detail

CCF: AIE Invalid Intrn => Intrn Comm Detail

CCF: Application Access Detail

CCF: Denied Intrn => Inet Comm Detail

CCF: Denied Intrn => Intrn Comm Detail

CCF: Internal Communication Detail

CCF: Invalid Intrn => Inet Comm Detail

CCF: Invalid Intrn => Intrn Comm Detail

CCF: AIE Denied Intrn => Inet Comm Summary

CCF: AIE Denied Intrn => Intrn Comm Summary

CCF: AIE Invalid Intrn => Inet Comm Summary

CCF: AIE Invalid Intrn => Intrn Comm Summary

CCF: Denied Intrn => Inet Comm Summary

CCF: Denied Intrn => Intrn Comm Summary

CCF: Invalid Intrn => Inet Comm Summary

CCF: Invalid Intrn => Intrn Comm Summary

CCF: Non-Encrypted Protocol Summary

CCF: AIE Denied Intrn => Inet Comm Details

CCF: AIE Denied Intrn => Intrn Comm Details

CCF: AIE Invalid Intrn => Inet Comm Details

CCF: AIE Invalid Intrn => Intrn Comm Details

CCF: Denied Intrn => Inet Comm Details

CCF: Denied Intrn => Intrn Comm Details

CCF: Invalid Intrn => Inet Comm Details

CCF: Invalid Intrn => Intrn Comm Details

CCF: Non-Encrypted Protocol Details

4.1.f: Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

Augment

CCF: Denied Intrn => Inet Comm AIE Rule

CCF: Denied Intrn => Intrn Comm AIE Rule

CCF: Invalid Intrn => Inet Comm AIE Rule

CCF: Invalid Intrn => Intrn Comm AIE Rule

CCF: AIE Denied Intrn => Inet Comm Detail

CCF: AIE Denied Intrn => Intrn Comm Detail

CCF: AIE Invalid Intrn => Inet Comm Detail

CCF: AIE Invalid Intrn => Intrn Comm Detail

CCF: Application Access Detail

CCF: Denied Intrn => Inet Comm Detail

CCF: Denied Intrn => Intrn Comm Detail

CCF: Internal Communication Detail

CCF: Invalid Intrn => Inet Comm Detail

CCF: Invalid Intrn => Intrn Comm Detail

CCF: AIE Denied Intrn => Inet Comm Summary

CCF: AIE Denied Intrn => Intrn Comm Summary

CCF: AIE Invalid Intrn => Inet Comm Summary

CCF: AIE Invalid Intrn => Intrn Comm Summary

CCF: Denied Intrn => Inet Comm Summary

CCF: Denied Intrn => Intrn Comm Summary

CCF: Invalid Intrn => Inet Comm Summary

CCF: Invalid Intrn => Intrn Comm Summary

CCF: Non-Encrypted Protocol Summary

CCF: AIE Denied Intrn => Inet Comm Details

CCF: AIE Denied Intrn => Intrn Comm Details

CCF: AIE Invalid Intrn => Inet Comm Details

CCF: AIE Invalid Intrn => Intrn Comm Details

CCF: Denied Intrn => Inet Comm Details

CCF: Denied Intrn => Intrn Comm Details

CCF: Invalid Intrn => Inet Comm Details

CCF: Invalid Intrn => Intrn Comm Details

CCF: Non-Encrypted Protocol Details

4.1.g: For TLS implementations, examine system configurations to verify that TLS is enabled whenever cardholder data is transmitted or received.

For example, for browser-based implementations:

- “HTTPS” appears as the browser Universal Record Locator (URL) protocol.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

4.1.h: If SSL/early TLS is used, perform testing procedures in Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

5.1: For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists.

Augment

CCF: Antivirus Information AIE Rule

CCF: Antivirus Failure Detail

CCF: AIE Antivirus Activity Summary

CCF: Antivirus Activity Summary

CCF: AIE Antivirus Activity Details

CCF: Antivirus Activity Details

5.2.b: Examine anti-virus configurations, including the master installation of the software to verify anti-virus mechanisms are:

- Configured to perform automatic updates, and

- Configured to perform periodic scans.

Augment

CCF: Antivirus Information AIE Rule

CCF: Antivirus Failure Detail

CCF: Signature Update Failure Detail

CCF: AIE Antivirus Activity Summary

CCF: Antivirus Activity Summary

CCF: Signature Update Activity Summary


CCF: AIE Antivirus Activity Details

CCF: Antivirus Activity Details

CCF: Signature Update Activity Details

5.2.c: Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that:

- The anti-virus software and definitions are current.

- Periodic scans are performed.

Augment

CCF: Antivirus Information AIE Rule

CCF: Antivirus Failure Detail

CCF: Signature Update Failure Detail

CCF: AIE Antivirus Activity Summary

CCF: Antivirus Activity Summary

CCF: Signature Update Activity Summary

CCF: AIE Antivirus Activity Details

CCF: Antivirus Activity Details

CCF: Signature Update Activity Details

5.2.d: Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that:

- Anti-virus software log generation is enabled, and

- Logs are retained in accordance with PCI DSS Requirement 10.7.

Direct

CCF: Antivirus Information AIE Rule

CCF: Antivirus Failure Detail

CCF: Malware Detail

CCF: Signature Update Failure Detail

CCF: AIE Antivirus Activity Summary

CCF: Antivirus Activity Summary

CCF: Signature Update Activity Summary

CCF: AIE Antivirus Activity Details

CCF: Antivirus Activity Details

CCF: Signature Update Activity Details

6.2.b: For a sample of system components and related software, compare the list of security patches installed on each system to the most recent vendor security-patch list, to verify the following:

- That applicable critical vendor-supplied security patches are installed appropriately.

Direct

CCF: Configuration Change Rule

CCF: Policy Change Rule

CCF: Software Update Failure Detail

CCF: Signature Update Failure Inv

CCF: Patch Update Failure Inv

CCF: Configuration Change Inv

CCF: Policy Change Inv

CCF: Software Update Activity Summary

CCF: Signature Update Failure Summary

CCF: Patch Update Failure Summary

CCF: Configuration Change Summary

CCF: Policy Change Summary

CCF: Software Update Activity Details

CCF: Signature Update Failure Detail

CCF: Patch Update Failure Detail

CCF: Configuration Change Detail

CCF: Policy Change Detail

6.3.a: Examine written software-development processes to verify that the processes are based on industry standards and/or best practices.

Augment

N/A

N/A

N/A

6.3.b: Examine written software-development processes to verify that information security is included throughout the life cycle.

Augment

N/A

N/A

N/A

6.3.c: Examine written software-development processes to verify that software applications are developed in accordance with PCI DSS.

Augment

N/A

N/A

N/A

6.3.d: Interview software developers to verify that written software-development processes are implemented.

Augment

N/A

N/A

N/A

6.4.1.a: Examine network documentation and network device configurations to verify that the development/test environments are separate from the production environment(s).

Augment

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Denied Test => Intern Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: AIE Invalid Test => Intrn Comm Detail

CCF: Denied Test => Internal Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: Invalid Test => Internal Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Test Communication Detail

CCF: AIE Denied Test => Internal Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Invalid Test => Internal Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: Denied Test => Internal Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: AIE Denied Test => Internal Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Invalid Test => Internal Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: Denied Test => Internal Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Invalid Test => Internal Comm Details

CCF: Invalid Test => Internet Comm Details

6.4.1.b: Examine access controls settings to verify that access controls are in place to enforce separation between the development/test environments and the production environment(s).

Augment

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Denied Test => Intern Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: AIE Invalid Test => Intrn Comm Detail

CCF: Denied Test => Internal Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: Invalid Test => Internal Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Test Communication Detail

CCF: AIE Denied Test => Internal Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Invalid Test => Internal Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: Denied Test => Internal Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: AIE Denied Test => Internal Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Invalid Test => Internal Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: Denied Test => Internal Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Invalid Test => Internal Comm Details

CCF: Invalid Test => Internet Comm Details

6.4.2: Observe processes and interview personnel assigned to development/test environments and personnel assigned to production environments to verify that separation of duties is in place between development/test environments and the production environment.

Augment

CCF: Denied Test => Internal Comm AIE Rule

CCF: Denied Test => Internet Comm AIE Rule

CCF: Invalid Test => Internal Comm AIE Rule

CCF: Invalid Test => Internet Comm AIE Rule

CCF: AIE Denied Test => Inet Comm Detail

CCF: AIE Denied Test => Intern Comm Detail

CCF: AIE Invalid Test => Inet Comm Detail

CCF: AIE Invalid Test => Intrn Comm Detail

CCF: Denied Test => Internal Comm Detail

CCF: Denied Test => Internet Comm Detail

CCF: Invalid Test => Internal Comm Detail

CCF: Invalid Test => Internet Comm Detail

CCF: Test Communication Detail

CCF: AIE Denied Test => Internal Comm Summary

CCF: AIE Denied Test => Internet Comm Summary

CCF: AIE Invalid Test => Internal Comm Summary

CCF: AIE Invalid Test => Internet Comm Summary

CCF: Denied Test => Internal Comm Summary

CCF: Denied Test => Internet Comm Summary

CCF: Invalid Test => Internal Comm Summary

CCF: Invalid Test => Internet Comm Summary

CCF: AIE Denied Test => Internal Comm Details

CCF: AIE Denied Test => Internet Comm Details

CCF: AIE Invalid Test => Internal Comm Details

CCF: AIE Invalid Test => Internet Comm Details

CCF: Denied Test => Internal Comm Details

CCF: Denied Test => Internet Comm Details

CCF: Invalid Test => Internal Comm Details

CCF: Invalid Test => Internet Comm Details

6.4.3.a: Observe testing processes and interview personnel to verify procedures are in place to ensure production data (live PANs) are not used for testing or development.

Augment

N/A

N/A

N/A

6.4.3.b: Examine a sample of test data to verify production data (live PANs) is not used for testing or development.

Augment

N/A

N/A

N/A

6.4.4.a: Observe testing processes and interview personnel to verify test data and accounts are removed before a production system becomes active.

Augment

N/A

CCF: Test Data Activity on Prod Systems Inv

N/A

6.4.4.b: Examine a sample of data and accounts from production systems recently installed or updated to verify test data and accounts are removed before the system becomes active.

Augment

N/A

CCF: Test Data Activity on Prod Systems Inv

N/A

6.4.6: For a sample of significant changes, examine change records, interview personnel, and observe the affected systems/networks to verify that applicable PCI DSS requirements were implemented and documentation updated as part of the change.

Augment

CCF: Change Record Statistics

CCF: Change Record Statistics Inv


6.5.1: Examine software-development policies and procedures and interview responsible personnel to verify that injection flaws are addressed by coding techniques that include:

- Validating input to verify user data cannot modify meaning of commands and queries.

Augment

N/A

CCF: Vulnerability Detail

N/A

6.5.2: Examine software-development policies and procedures and interview responsible personnel to verify that buffer overflows are addressed by coding techniques that include:

- Validating buffer boundaries.

- Truncating input strings.

Augment

N/A

CCF: Vulnerability Detail

N/A

6.5.4: Examine software-development policies and procedures and interview responsible personnel to verify that insecure communications are addressed by coding techniques that properly authenticate and encrypt all sensitive communications.

Augment

N/A

CCF: Vulnerability Detail

CCF: Non-Encrypted Protocol Summary

CCF: Non-Encrypted Protocol Details

6.5.5: Examine software-development policies and procedures and interview responsible personnel to verify that improper error handling is addressed by coding techniques that do not leak information via error messages (for example, by returning generic rather than specific errors).

Augment

N/A

CCF: Vulnerability Detail

CCF: Critical/Error Detail

N/A

6.5.6: Examine software-development policies and procedures and interview responsible personnel to verify that coding techniques address any “high risk” vulnerabilities that could affect the application, as identified in PCI DSS Requirement 6.1.

Augment

N/A

CCF: Vulnerability Detail

N/A

6.5.7: Examine software-development policies and procedures and interview responsible personnel to verify that cross-site scripting (XSS) is addressed by coding techniques that include:

- Validating all parameters before inclusion.

- Utilizing context-sensitive escaping.

Augment

N/A

CCF: Vulnerability Detail

N/A

6.5.8: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects with card data.

Augment

N/A

CCF: Vulnerability Detail

N/A

6.5.9: Examine software development policies and procedures and interview responsible personnel to verify that cross-site request forgery (CSRF) is addressed by coding techniques that ensure applications do not rely on authorization credentials and tokens automatically.

Augment

N/A

CCF: Vulnerability Detail

N/A

6.6: For public-facing web applications, ensure that either one of the following methods is in place as follows:

-- Examine documented processes, interview personnel, and examine records of application security assessments to verify that public-facing web applications are reviewed, using either manual or automated vulnerability security assessment tools or methods, as follows:

  • At least annually
  • After any changes
  • By an organization that specializes in application security
  • That, at a minimum, all vulnerabilities in Requirement 6.5 are included in the assessment
  • That all vulnerabilities are corrected
  • That the application is re-evaluated after the corrections.

-- Examine the system configuration settings and interview responsible personnel to verify that an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) is in place as follows:

  • Is situated in front of public-facing web applications to detect and prevent web-based attacks.
  • Is actively running and up to date as applicable.
  • Is generating audit logs.
  • Is configured to either block web-based attacks, or generate an alert that is immediately investigated.

Augment

N/A

CCF: Vulnerability Detail

N/A

7.1.1: Select a sample of roles and verify access needs for each role are defined and include:

- System components and data resources that each role needs to access for their job function.

- Identification of privilege necessary for each role to perform their job.

Augment

N/A

CCF: Priv Acct Auth Detail

CCF: Application Access Detail

CCF: Priv Access Granted/Revoked Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Details

CCF: Priv Authentication Activity Detail

CCF: AIE Priv Access Granted/Revoked Details

7.1.2.a: Interview personnel responsible for assigning access to verify that access to privileged user IDs is:

- Assigned only to roles that specifically require such privileged access.

- Restricted to least privileges necessary to perform job responsibilities.

Augment

N/A

CCF: Application Access Detail

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: Account Management Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

7.1.2.b: Select a sample of user IDs with privileged access and interview responsible management personnel to verify that privileges assigned are:

- Necessary for that individual’s job function.

- Restricted to least privileges necessary to perform job responsibilities.

Augment

N/A

CCF: Application Access Detail

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: Account Management Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

8.1.a: Review procedures and confirm they define processes for each of the items below at 8.1.1 through 8.1.8.

Augment

N/A

N/A

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Account Management Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Access Granted/Revoked Activity Details

CCF: Account Management Activity Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.1.1: Interview administrative personnel to confirm that all users are assigned a unique ID for access to system components or cardholder data.

Augment

N/A

N/A

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Account Management Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Access Granted/Revoked Activity Details

CCF: Account Management Activity Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.1.2: For a sample of privileged user IDs and general user IDs, examine associated authorizations and observe system settings to verify each user ID and privileged user ID has been implemented with only the privileges specified on the documented approval.

Augment

N/A

N/A

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Account Management Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Access Granted/Revoked Activity Details

CCF: Account Management Activity Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.1.3.a: Select a sample of users terminated in the past six months, and review current user access lists, for both local and remote access, to verify that their IDs have been deactivated or removed from the access lists.

Augment

CCF: Account Disabled/Locked AIE Rule

CCF: Invalid Account Usage AIE Rule

CCF: Account Termination Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Account Disable/Locked Detail

CCF: AIE Account Disable/Locked Detail

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Account Management Activity Details

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.1.3.b: Verify all physical authentication methods, such as smart cards, tokens, etc., have been returned or deactivated.

Augment

CCF: Physical Access Usage AIE Rule

CCF: Physical Access Failure Detail

CCF: AIE Physical Security Auth Summary

CCF: Physical Security Auth Activity Summary

CCF: AIE Physical Security Auth Details

CCF: Physical Security Auth Activity Details

8.1.4: Observe user accounts to verify that any inactive accounts over 90 days old are either removed or disabled.

Augment

CCF: Account Disabled/Locked AIE Rule

CCF: Invalid Account Usage AIE Rule

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Account Disable/Locked Detail

CCF: AIE Account Disable/Locked Detail

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Account Management Activity Details

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.1.5.a: Interview personnel and observe processes for managing accounts used by vendors to access, support, or maintain system components to verify that accounts used by vendors for remote access are:

- Disabled when not in use.

- Enabled only when needed by the vendor.

Augment

CCF: Vendor Auth Activity AIE Rule

CCF: AIE Vendor Access Detail

CCF: Vendor Access Detail

CCF: Vendor Account Enabled Detail

CCF: Vendor Authentication Detail

CCF: AIE Vendor Account Enabled Alert Summary

CCF: AIE Vendor Authentication Summary

CCF: Vendor Account Management Summary

CCF: Vendor Authentication Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: AIE Vendor Authentication Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

8.1.5.b: Interview personnel and observe processes to verify that vendor remote access accounts are monitored while being used.

Augment

CCF: Vendor Auth Activity AIE Rule

CCF: AIE Vendor Access Detail

CCF: Vendor Access Detail

CCF: Vendor Account Enabled Detail

CCF: Vendor Authentication Detail

CCF: AIE Vendor Account Enabled Alert Summary

CCF: AIE Vendor Authentication Summary

CCF: Vendor Account Management Summary

CCF: Vendor Authentication Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Vendor Access Failure Summary

CCF: AIE Access Granted/Revoked Details

CCF: AIE Vendor Authentication Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Vendor Authentication Details

CCF: Access Granted/Revoked Activity Details

CCF: Vendor Access Failure Detail

8.1.6.a: For a sample of system components, inspect system configuration settings to verify that authentication parameters are set to require that user accounts be locked out after not more than six invalid logon attempts.

Augment

CCF: Account Disabled/Locked AIE Rule

CCF: Configuration/Policy Change Detail

CCF: Account Disable/Locked Detail

CCF: AIE Account Disable/Locked Detail

CCF: Configuration/Policy Change Summary

CCF: Access Granted/Revoked Activity Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Access Granted/Revoked Summary

CCF: Access Granted/Revoked Activity Details

CCF: Configuration/Policy Change Details

CCF: AIE Access Granted/Revoked Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Access Granted/Revoked Summary

8.1.6.b: Additional testing procedure for service provider assessments only: Review internal processes and customer/user documentation, and observe implemented processes to verify that non-consumer customer user accounts are temporarily locked-out after not more than 10 attempts.

Augment

CCF: Vendor Auth Activity AIE Rule

CCF: Account Disabled/Locked AIE Rule

CCF: AIE Vendor Access Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Vendor Account Enabled Detail

CCF: Configuration/Policy Change Detail

CCF: Account Disable/Locked Detail

CCF: AIE Account Disable/Locked Detail

CCF: AIE Vendor Account Enabled Alert Summary

CCF: AIE Vendor Authentication Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Account Management Summary

CCF: Vendor Authentication Summary

CCF: Configuration/Policy Change Summary

CCF: Vendor Access Granted/Revoked Activity Summary

CCF: AIE Vendor Authentication Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Configuration/Policy Change Details

8.1.7: For a sample of system components, inspect system configuration settings to verify that password parameters are set to require that once a user account is locked out, it remains locked for a minimum of 30 minutes or until a system administrator resets the password.

Augment

CCF: Account Disabled/Locked AIE Rule

CCF: Account Disable/Locked Detail

CCF: AIE Account Disable/Locked Detail

CCF: Access Granted/Revoked Activity Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Vendor Access Granted/Revoked Activity Summary

CCF: Database Access Granted/Revoked Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

8.2.5.a: For a sample of system components, obtain and inspect system configuration settings to verify that password parameters are set to require that new passwords cannot be the same as the four previously used passwords.

Augment

N/A

N/A

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Account Management Activity Details

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.2.5.b: Additional testing procedure for service provider assessments only: Review internal processes and customer/user documentation to verify that new non-consumer customer user passwords cannot be the same as the previous four passwords.

Augment

N/A

N/A

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Vendor Account Management Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Account Management Activity Details

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.3.1.b: Observe a sample of administrator personnel login to the CDE and verify that at least two of the three authentication methods are used.

Augment

CCF: Personel Login Authentication Method Event

CCF: Personel Login Authentication Method Inv


8.5.c: Interview system administrators to verify that group and shared IDs and/or passwords or other authentication methods are not distributed, even if requested.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Account Termination Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: AIE Vendor Account Enabled Alert Summary

CCF: Vendor Account Management Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: Database Account Management Summary

CCF: Database Access Granted/Revoked Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Account Management Activity Details

CCF: AIE Invalid Account Usage Details

CCF: Invalid Account Usage Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Database Account Management Details

CCF: Database Access Granted/Revoked Details

CCF: Priv Account Management Activity Details

CCF: Priv Access Granted/Revoked Details

CCF: AIE Priv Access Granted/Revoked Details

8.7.a: Review database and application configuration settings and verify that all users are authenticated prior to access.

Augment

CCF: Database Authentication AIE Rule

CCF: AIE Database Authentication Detail AIE

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: AIE Database Authentication Summary

CCF: Database Account Management Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Database Access Granted/Revoked Summary

CCF: AIE Database Authentication Details

CCF: Database Account Management Details

CCF: Database Authentication Activity Details

CCF: Database Access Failure Detail

CCF: Database Access Granted/Revoked Detail

8.7.c: Examine database access control settings and database application configuration settings to verify that user direct access to or queries of databases are restricted to database administrators.

Augment

CCF: Database Authentication AIE Rule

CCF: AIE Database Authentication Detail AIE

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: AIE Database Authentication Summary

CCF: Database Account Management Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Database Access Granted/Revoked Summary

CCF: AIE Database Authentication Details

CCF: Database Account Management Details

CCF: Database Authentication Activity Details

CCF: Database Access Granted/Revoked Detail

CCF: Database Access Failure Detail

8.7.d: Examine database access control settings, database application configuration settings, and the related application IDs to verify that application IDs can only be used by the applications (and not by individual users or other processes).

Augment

CCF: Database Authentication AIE Rule

CCF: AIE Database Authentication Detail AIE

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: AIE Database Authentication Summary

CCF: Database Account Management Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Database Access Granted/Revoked Summary

CCF: AIE Database Authentication Details

CCF: Database Account Management Details

CCF: Database Authentication Activity Details

CCF: Database Access Failure Detail

CCF: Database Access Granted/Revoked Detail

9.1: Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment.

- Verify that access is controlled with badge readers or other devices, including authorized badges.

Augment

CCF: Physical Access Usage AIE Rule

CCF: Physical Access Failure Detail

CCF: AIE Physical Security Auth Summary

CCF: Physical Security Auth Activity Summary

CCF: AIE Physical Security Auth Details

CCF: Physical Security Auth Activity Details

9.1.1.a: Verify that either video cameras or access control mechanisms (or both) are in place to monitor the entry/exit points to sensitive areas.

Augment

CCF: Physical Access Usage AIE Rule

CCF: Physical Access Failure Detail

CCF: AIE Physical Security Auth Summary

CCF: Physical Security Auth Activity Summary

CCF: AIE Physical Security Auth Details

CCF: Physical Security Auth Activity Details

9.1.2: Interview responsible personnel and observe locations of publicly accessible network jacks to verify that physical and/or logical controls are in place to restrict access to publicly accessible network jacks.

Augment

CCF: Physical Access Usage AIE Rule

CCF: Physical Access Failure Detail

CCF: AIE Physical Security Auth Summary

CCF: Physical Security Auth Activity Summary

CCF: AIE Physical Security Auth Details

CCF: Physical Security Auth Activity Details

9.3.c: Select a sample of recently terminated employees and review access control lists to verify the personnel do not have physical access to sensitive areas.

Augment

CCF: Physical Access Usage AIE Rule

CCF: Physical Access Failure Detail

CCF: AIE Physical Security Auth Summary

CCF: Physical Security Auth Activity Summary


CCF: AIE Physical Security Auth Details

CCF: Physical Security Auth Activity Details

9.7.1: Review media inventory logs to verify that logs are maintained and media inventories are performed at least annually.

Augment

CCF: Backup Information AIE Rule

CCF: Backup Failure Detail

CCF: AIE Backup Activity Summary

CCF: Backup Activity Summary

CCF: AIE Backup Activity Details

CCF: Backup Activity Details

9.9: Examine documented policies and procedures to verify they include:

- Maintaining a list of devices.

- Periodically inspecting devices to look for tampering or substitution.

- Training personnel to be aware of suspicious behavior and to report tampering or suspicious activity.

Augment

N/A

N/A

N/A

9.9.2.b: Interview responsible personnel and observe inspection processes to verify:

- Personnel are aware of procedures for inspecting devices.

- All devices are periodically inspected for evidence of tampering and substitution.

Augment

N/A

N/A

N/A

10.1: Verify, through observation and interviewing the system administrator, that:

- Audit trails are enabled and active for system components.

- Access to system components is linked to individual users.

Direct

N/A

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Priv Access Granted/Revoked Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Priv Account Management Activity Details

CCF: AIE Priv Access Granted/Revoked Details

CCF: Priv Access Granted/Revoked Details

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

10.2: Through interviews of responsible personnel, observation of audit logs, and examination of audit log settings, perform the following:

Examine audit log configurations and log data to verify that all individual user access to cardholder data is logged.

Direct

N/A

N/A

N/A

10.2.1: Audit logs capture all individual user accesses to cardholder data

Direct

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

10.2.2: Verify all actions taken by any individual with root or administrative privileges are logged.

Direct

N/A

CCF: Configuration/Policy Change Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Access Granted/Revoked Activity Summary

CCF: Account Management Activity Summary

CCF: Configuration/Policy Change Summary

CCF: Priv Authentication Activity Summary

CCF: Priv Access Failure Summary

CCF: Priv Access Granted/Revoked Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Access Granted/Revoked Activity Details

CCF: AIE Access Granted/Revoked Details

CCF: Account Management Activity Details

CCF: Configuration/Policy Change Details

CCF: Priv Access Granted/Revoked Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

10.2.3: Verify access to all audit trails is logged.

Augment

N/A

N/A

CCF: LogRhythm Usage Auditing Summary

CCF: LogRhythm Usage Auditing by Date Details

CCF: LogRhythm Usage Auditing by User Details

10.2.4: Verify invalid logical access attempts are logged.

Direct

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

10.2.5.a: Verify use of identification and authentication mechanisms is logged.

Direct

N/A

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Priv Access Granted/Revoked Summary

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: User Priv Escalation (Windows) Summary

CCF: Priv Authentication Activity Summary

CCF: Priv Access Failure Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Priv Access Granted/Revoked Details

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

10.2.5.b: Verify all elevation of privileges is logged.

Direct

N/A

N/A

CCF: Priv Access Granted/Revoked Summary

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: User Priv Escalation (Windows) Summary

CCF: Priv Authentication Activity Summary

CCF: Priv Access Failure Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Priv Access Granted/Revoked Details

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

10.2.5.c: Verify all changes, additions, or deletions to any account with root or administrative privileges are logged.

Direct

N/A

N/A

CCF: Priv Access Granted/Revoked Summary

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: User Priv Escalation (Windows) Summary

CCF: Priv Authentication Activity Summary

CCF: Priv Access Failure Summary

CCF: AIE Priv Access Granted/Revoked Summary

CCF: Priv Account Management Activity Summary

CCF: Priv Access Granted/Revoked Details

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

10.2.6: Verify the following are logged:

- Initialization of audit logs.

- Stopping or pausing of audit logs.

Augment

N/A

CCF: Audit Log Detail

CCF: Audit Log Summary

CCF: Audit Log Details

10.2.7: Verify creation and deletion of system level objects are logged.

Augment

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: Object Disposal Failure Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: Object Creation/Disposal Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

CCF: Object Creation/Disposal Activity Details

10.3: Through interviews and observation of audit logs, for each auditable event (from 10.2), perform the following:

Direct

N/A

N/A

N/A

10.3.1: Verify user identification is included in log entries.

Direct

N/A

N/A

N/A

10.3.2: Verify type of event is included in log entries.

Direct

N/A

N/A

N/A

10.3.3: Verify date and time stamp is included in log entries.

Direct

N/A

N/A

N/A

10.3.4: Verify success or failure indication is included in log entries.

Direct

N/A

N/A

N/A

10.3.5: Verify origination of event is included in log entries.

Direct

N/A

N/A

N/A

10.3.6: Verify identity or name of affected data, system component, or resources is included in log entries.

Direct

N/A

N/A

N/A

10.4: Examine configuration standards and processes to verify that time-synchronization technology is implemented and kept current per PCI DSS Requirements 6.1 and 6.2.

Direct

N/A

N/A

N/A

10.4.1.a: Examine the process for acquiring, distributing and storing the correct time within the organization to verify that:

- Only the designated central time server(s) receives time signals from external sources, and time signals from external sources are based on industry-accepted standards.

Direct

N/A

CCF: Configuration/Policy Change Detail

CCF: Configuration/Policy Change Summary

CCF: Configuration/Policy Change Details

10.4.2.b: Examine system configurations, time synchronization settings and logs, and processes to verify that any changes to time settings on critical systems are logged, monitored, and reviewed.

Augment

N/A

N/A

CCF: Time Sync Errors Summary

10.5: Audit log files are protected to prevent modifications by individuals.

Direct

N/A

N/A

N/A

10.5.1: Only individuals who have a job-related need can view audit trail files.

Direct

N/A

N/A

N/A

10.5.2: Current audit trail files are protected from unauthorized modifications via access control mechanisms, physical segregation, and/or network segregation.

Direct

N/A

N/A

N/A

10.5.3: Current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter.

Direct

N/A

N/A

N/A

10.5.4: Verify that logs for external-facing technologies (for example, wireless, firewalls, DNS, mail) are offloaded or copied onto a secure centralized internal log server or media.

Direct

N/A

N/A

CCF: Log Volume Summary

10.5.5: Examine system settings, monitored files, and results from monitoring activities to verify the use of file-integrity monitoring or change-detection software on logs.

Direct

CCF: FIM Modify Activity AIE Rule

CCF: FIM Activity Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

10.6.1.a: Examine security policies and procedures to verify that procedures are defined for reviewing the following at least daily, either manually or via log tools:

- All security events.

- Logs of all system components that store, process, or transmit CHD and/or SAD.

Augment

N/A

N/A

CCF: LogRhythm Usage Auditing Summary

CCF: LogRhythm Usage Auditing by Date Details

CCF: LogRhythm Usage Auditing by User Details

10.6.1.b: Observe processes and interview personnel to verify that the following are reviewed at least daily:

- All security events.

- Logs of all system components that store, process, or transmit CHD and/or SAD.

- Logs of all critical system components.

- Logs of all servers and system components that perform security functions (for example, network security controls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers).

Augment

N/A

N/A

CCF: LogRhythm Usage Auditing Summary

CCF: LogRhythm Usage Auditing by Date Details

CCF: LogRhythm Usage Auditing by User Details

10.6.2.a: Examine security policies and procedures to verify that procedures are defined for reviewing logs of all other system components periodically, either manually or via log tools, based on the organization’s policies and risk management strategy.

Augment

N/A

N/A

CCF: LogRhythm Usage Auditing Summary

CCF: LogRhythm Usage Auditing by Date Details

CCF: LogRhythm Usage Auditing by User Details

10.7.b: Interview personnel and examine audit logs to verify that audit logs are retained for at least one year.

Direct

N/A

N/A

CCF: Log Volume Summary

10.7.c: Interview personnel and observe processes to verify that at least the last three months’ logs are immediately available for analysis.

Direct

N/A

N/A

CCF: Log Volume Summary

10.8.b: Examine detection and alerting processes and interview personnel to verify that processes are implemented for all critical security controls, and that failure of a critical security control results in the generation of an alert.

Direct

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

10.8.1.b: Examine records to verify that security control failures are documented to include:

- Identification of cause(s) of the failure, including root cause.

- Duration (date and time start and end) of the security failure.

- Details of the remediation required to address the root cause.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

11.1.b: Verify that the methodology is adequate to detect and identify any unauthorized wireless access points, including at least the following:

- WLAN cards inserted into system components.

- Portable or mobile devices attached to system components to create an authoritative list.

Augment

N/A

CCF: Rouge WAP Detail

CCF: Rogue WAP Summary

CCF: Rogue WAP Detail

11.1.d: If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to notify personnel.

Augment

N/A

CCF: Rouge WAP Detail

CCF: Rogue WAP Summary

CCF: Rogue WAP Detail

11.4.a: Examine system configurations and network diagrams to verify that techniques (such as intrusion-detection systems and/or intrusion-prevention systems) are in place to monitor all traffic:

- At the perimeter of the cardholder data environment.

- At critical points in the cardholder data environment.

Augment

N/A

CCF: Malware Detail

CCF: Reconnaissance/Suspicious Detail

CCF: Security Activity Detail

CCF: Security Event Detail

CCF: Signature Update Failure Detail

CCF: Security Event by Impacted App Summary

CCF: Security Event by Impacted Host Summary

CCF: Security Event by Log Source Ent Summary

CCF: Security Event by Origin Host Summary

CCF: Signature Update Activity Summary

CCF: Top Attackers Summary

CCF: Top Suspicious Users Summary

CCF: Top Targeted Applications Summary

CCF: Top Targeted Hosts Summary

CCF: Security Event by Impacted App Details

CCF: Security Event by Impacted Host Details

CCF: Security Event by Log Source Ent Details

CCF: Security Event by Origin Host Details

CCF: Signature Update Activity Details

11.4.b: Examine system configurations and interview responsible personnel to confirm intrusion-detection and/or intrusion-prevention techniques alert personnel of suspected compromises.

Augment

N/A

CCF: Malware Detail

CCF: Reconnaissance/Suspicious Detail

CCF: Security Activity Detail

CCF: Security Event Detail

CCF: Signature Update Failure Detail

CCF: Security Event by Impacted App Summary

CCF: Security Event by Impacted Host Summary

CCF: Security Event by Log Source Ent Summary

CCF: Security Event by Origin Host Summary

CCF: Signature Update Activity Summary

CCF: Top Attackers Summary

CCF: Top Suspicious Users Summary

CCF: Top Targeted Applications Summary

CCF: Top Targeted Hosts Summary

CCF: Security Event by Impacted App Details

CCF: Security Event by Impacted Host Details

CCF: Security Event by Log Source Ent Details

CCF: Security Event by Origin Host Details

CCF: Signature Update Activity Details

11.4.c: Examine IDS/IPS configurations and vendor documentation to verify intrusion-detection and/or intrusion-prevention techniques are configured, maintained, and updated per vendor instructions to ensure optimal protection.

Augment

N/A

CCF: Malware Detail

CCF: Reconnaissance/Suspicious Detail

CCF: Security Activity Detail

CCF: Security Event Detail

CCF: Signature Update Failure Detail

CCF: Security Event by Impacted App Summary

CCF: Security Event by Impacted Host Summary

CCF: Security Event by Log Source Ent Summary

CCF: Security Event by Origin Host Summary

CCF: Signature Update Activity Summary

CCF: Top Attackers Summary

CCF: Top Suspicious Users Summary

CCF: Top Targeted Applications Summary

CCF: Top Targeted Hosts Summary

CCF: Security Event by Impacted App Details

CCF: Security Event by Impacted Host Details

CCF: Security Event by Log Source Ent Details

CCF: Security Event by Origin Host Details

CCF: Signature Update Activity Details

11.5.a: Verify the use of a change-detection mechanism by observing system settings and monitored files, as well as reviewing results from monitoring activities.

Examples of files that should be monitored:

- System executables.

- Application executables.

- Configuration and parameter files.

- Centrally stored, historical or archived, log and audit files.

- Additional critical files determined by entity (for example, through risk assessment or other means).

Direct

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: FIM Group Change Activity AIE Rule

CCF: FIM Modify Activity AIE Rule

CCF: FIM Owner Change Activity AIE Rule

CCF: FIM Permission Activity AIE Rule

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

11.5.b: Verify the mechanism is configured to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files, and to perform critical file comparisons at least weekly.

Direct

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: FIM Group Change Activity AIE Rule

CCF: FIM Modify Activity AIE Rule

CCF: FIM Owner Change Activity AIE Rule

CCF: FIM Permission Activity AIE Rule

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

12.3.8.b: Examine configurations for remote access technologies to verify that remote access sessions will be automatically disconnected after a specific period of inactivity.

Augment

CCF: Remote Session Timeout AIE Rule

N/A

CCF: AIE Remote Session Timeout Summary

CCF: Remote Session Timeout Activity Summary

CCF: AIE Remote Session Timeout Details

CCF: Remote Session Timeout Activity Details

12.3.9: Verify that the usage policies require activation of remote-access technologies used by vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use.

Augment

CCF: Vendor Auth Activity AIE Rule

CCF: Vendor Access Detail

CCF: Vendor Authentication Detail

CCF: Vendor Account Enabled Detail

CCF: AIE Vendor Account Enabled Alert Summary

CCF: AIE Vendor Authentication Summary

CCF: Vendor Account Management Summary

CCF: Vendor Authentication Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Access Granted/Revoked Summary

CCF: AIE Vendor Authentication Details

CCF: Vendor Account Management Details

CCF: Vendor Access Granted/Revoked Details

CCF: Vendor Authentication Details

CCF: Vendor Account Management Details

CCF: Vendor Access Failure Detail

12.10.5: Verify through observation and review of processes that monitoring and responding to alerts from security monitoring systems are covered in the incident response plan.

Augment

CCF: Backup Information AIE Rule

CCF: FIM Information AIE Rule

CCF: Backup Failure Detail

CCF: FIM Failure Detail

CCF: Malware Detail

CCF: Operations Exception Detail

CCF: Rouge WAP Detail

CCF: Security Activity Detail

CCF: Security Event Detail

CCF: Vulnerability Detail

CCF: AIE Backup Activity Summary

CCF: AIE FIM Critical/Error/Info Summary

CCF: Backup Activity Summary

CCF: FIM Critical/Error/Information Summary

CCF: Rogue WAP Summary

CCF: Security Event by Impacted App Summary

CCF: Security Event by Impacted Host Summary

CCF: Security Event by Log Source Ent Summary

CCF: Security Event by Origin Host Summary

CCF: Top Attackers Summary

CCF: Top Suspicious Users Summary

CCF: Top Targeted Applications Summary

CCF: Top Targeted Hosts Summary

CCF: AIE Backup Activity Details

CCF: FIM Activity Details

CCF: AIE FIM Critical/Error/Info Details

CCF: Backup Activity Details

CCF: FIM Critical/Error/Information Details

CCF: LogRhythm Alarm And Response Details

CCF: Rogue WAP Detail

CCF: Security Event by Impacted App Details

CCF: Security Event by Impacted Host Details

CCF: Security Event by Log Source Ent Details

CCF: Security Event by Origin Host Details

12.11.a: Examine policies and procedures to verify that processes are defined for reviewing and confirming that personnel are following security policies and operational procedures, and that reviews cover:

- Daily log reviews.

- Firewall rule-set reviews.

- Applying configuration standards to new systems.

- Responding to security alerts.

- Change management processes.

Augment

CCF: Configuration Change Rule

CCF: Policy Change Rule

CCF: Software Update Failure Detail

CCF: Signature Update Failure Inv

CCF: Patch Update Failure Inv

CCF: Configuration Change Inv

CCF: Policy Change Inv

CCF: Software Update Activity Summary

CCF: Signature Update Failure Summary

CCF: Patch Update Failure Summary

CCF: Configuration Change Summary

CCF: Policy Change Summary

CCF: Software Update Activity Details

CCF: Signature Update Failure Detail

CCF: Patch Update Failure Detail

CCF: Configuration Change Detail

CCF: Policy Change Detail

A1.1: If a shared hosting provider allows entities (for example, merchants or service providers) to run their own applications, verify these application processes run using the unique ID of the entity. For example:

- No entity on the system can use a shared web server user ID.

- All CGI scripts used by an entity must be created and run as the entity’s unique user ID.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

A1.2.b: Verify each entity (merchant, service provider) has read, write, or execute permissions only for files and directories it owns or for necessary system files (restricted via file system permissions, access control lists, chroot, jailshell, etc.).

An entity’s files may not be shared by group.

Augment

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: FIM Group Change Activity AIE Rule

CCF: FIM Modify Activity AIE Rule

CCF: FIM Owner Change Activity AIE Rule

CCF: FIM Permission Activity AIE Rule

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

A1.2.c: Verify that an entity’s users do not have write access to shared system binaries.

Augment

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: FIM Group Change Activity AIE Rule

CCF: FIM Modify Activity AIE Rule

CCF: FIM Owner Change Activity AIE Rule

CCF: FIM Permission Activity AIE Rule

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

A1.3: Verify the shared hosting provider has enabled logging as follows, for each merchant and service provider environment:

- Logs are enabled for common third-party applications.

- Logs are active by default.

- Logs are available for review by the owning entity.

- Log locations are clearly communicated to the owning entity.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

A2.1: For POS POI terminals (and the SSL/TLS termination points to which they connect) using SSL and/or early TLS:

- Confirm the entity has documentation (for example, vendor documentation, system/network configuration details, etc.) that verifies the devices are not susceptible to any known exploits for SSL/early TLS.

Or:

- Complete A2.2 below.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

A2.2: Review the documented Risk Mitigation and Migration Plan to verify it includes:

- Description of usage, including what data is being transmitted, types and number of systems that use and/or support SSL/early TLS, type of environment;

- Risk-assessment results and risk-reduction controls in place;

- Description of processes to monitor for new vulnerabilities associated with SSL/early TLS;

- Description of change control processes that are implemented to ensure SSL/early TLS is not implemented into new environments; and

- Overview of migration project plan including target migration completion date no later than June 30, 2018.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

A2.3: Examine system configurations and supporting documentation to verify the service provider offers a secure protocol option for their service.

Augment

CCF: TLS Activity

CCF: SSL Activity

CCF: TLS/SSL Activity

CCF: TLS/SSL Summary

CCF: Early TLS/SSL Version Summary

CCF: Non-Encrypted Protocol Summary

CCF: TLS/SSL Detail

CCF: Early TLS/SSL Version Detail

CCF: Non-Encrypted Protocol Details

A3.1.1.c: Examine executive management and board of directors meeting minutes and/or presentations to ensure PCI DSS compliance initiatives and remediation activities are communicated at least annually.

Augment

Report Packages




A3.2.2.1: For a sample of systems and network changes, examine change records, interview personnel and observe the affected systems/networks to verify that applicable PCI DSS requirements were implemented and documentation updated as part of the change.

Augment

Use of Case Management for storing samples

General strategy applied to the following controls:

- 6.4.3

- 6.4.4

- 6.4.6

- 8.3.1.b




A3.2.5.b: Examine results from recent data discovery efforts, and interview responsible personnel to verify that data discovery is performed at least quarterly and upon significant changes to the cardholder environment or processes.

Augment

CCF: Configuration Change Rule

CCF: Policy Change Rule

CCF: FIM Add Activity AIE Rule

CCF: FIM Delete Activity AIE Rule

CCF: FIM Group Change Activity AIE Rule

CCF: FIM Modify Activity AIE Rule

CCF: FIM Owner Change Activity AIE Rule

CCF: FIM Permission Activity AIE Rule

CCF: Software Update Failure Detail

CCF: Signature Update Failure Inv

CCF: Patch Update Failure Inv

CCF: Configuration Change Inv

CCF: Policy Change Inv

CCF: AIE FIM ADD/Delete/Mod Activity Detail

CCF: AIE FIM Permission Change Detail

CCF: FIM Activity Detail

CCF: FIM ADD/Delete/Mod Activity Detail

CCF: FIM Permission Change Detail

CCF: Software Update Activity Summary

CCF: Signature Update Failure Summary

CCF: Patch Update Failure Summary

CCF: Configuration Change Summary

CCF: Policy Change Summary

CCF: AIE FIM Activity Summary

CCF: FIM Activity Summary

CCF: Software Update Activity Details

CCF: Signature Update Failure Detail

CCF: Patch Update Failure Detail

CCF: Configuration Change Detail

CCF: Policy Change Detail

CCF: AIE FIM Activity Details

CCF: FIM Activity Details

A3.2.6.b: Examine audit logs and alerts, and interview responsible personnel to verify that alerts are investigated.

Augment

Case Management

N/A

N/A

N/A

A3.3.1.a: Examine documented policies and procedures to verify that processes are defined to immediately detect and alert on critical security control failures.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

A3.3.1.b: Examine detection and alerting processes and interview personnel to verify that processes are implemented for all critical security controls, and that failure of a critical security control results in the generation of an alert.

Relates to 10.8

Direct

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

A3.3.1.1.b: Examine records to verify that security control failures are documented to include:

- Identification of cause(s) of the failure, including root cause.

- Duration (date and time start and end) of the security failure.

- Details of the remediation required to address the root cause.

Relates to 10.8.

Augment

Case Management support

Relates to 10.8.1

N/A

N/A

N/A

A3.3.3.a: Examine policies and procedures to verify that processes are defined for reviewing and verifying BAU activities. Verify the procedures include:

- Confirming that all BAU activities (e.g., A3.2.2, A3.2.6, and A3.3.1) are being performed.

- Confirming that personnel are following security policies and operational procedures (for example, daily log reviews, firewall rule-set reviews, configuration standards for new systems, etc.).

- Documenting how the reviews were completed, including how all BAU activities were verified as being in place.

- Collecting documented evidence as required for the annual PCI DSS assessment.

- Reviewing and sign-off of results by executive management assigned responsibility for PCI DSS governance.

- Retaining records and documentation for at least 12 months, covering all BAU activities.

Augment

Case Management

N/A

N/A

N/A

A3.3.3.b: Interview responsible personnel and examine records of reviews to verify that:

- Reviews are performed by personnel assigned to the PCI DSS compliance program.

- Reviews are performed at least quarterly.

Augment

Case Management provides the ability to verify that daily reporting is performed.

N/A

N/A

N/A

A3.4.1: Interview responsible personnel and examine supporting documentation to verify that:

- User accounts and access privileges are reviewed at least every six months.

- Reviews confirm that access is appropriate based on job function, and that all access is authorized.

Augment

CCF: Personel Login Authentication Method Event

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Personel Login Authentication Method Inv

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

A3.5.1.a: Review documentation and interview personnel to verify a methodology is defined and implemented to identify attack patterns and undesirable behavior across systems in a timely manner, and includes the following:

- Identification of anomalies or suspicious activity as it occurs.

- Issuance of timely alerts to responsible personnel.

- Response to alerts in accordance with documented response procedures.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail

A3.5.1.b: Examine incident response procedures and interview responsible personnel to verify that:

- On-call personnel receive timely alerts.

- Alerts are responded to per documented response procedures.

Augment

CCF: Invalid Account Usage AIE Rule

CCF: Database Authentication AIE Rule

CCF: Vendor Auth Activity AIE Rule

CCF: Service Provider Failure and Critical Inv

CCF: Authentication Failure Detail

CCF: Access Failure Detail

CCF: Vendor Authentication Detail

CCF: Vendor Access Detail

CCF: Database Authentication Detail

CCF: Database Access Detail

CCF: Priv Acct Auth Detail

CCF: Priv Access Activity Details

CCF: Audit Exception Detail

CCF: Service Provider Failure and Critical Summary

CCF: Authentication Failure Summary

CCF: Access Failure Summary

CCF: Vendor Access Failure Summary

CCF: Vendor Authentication Summary

CCF: AIE Vendor Authentication Summary

CCF: AIE Invalid Account Usage Summary

CCF: Invalid Account Usage Summary

CCF: Priv Authentication Activity Summary

CCF: AIE Database Authentication Summary

CCF: Database Authentication Activity Summary

CCF: Database Access Failure Summary

CCF: Service Provider Failure and Critical Detail

CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments)

CCF: Vendor Authentication Details

CCF: Vendor Access Failure Detail

CCF: AIE Invalid Account Usage Detail

CCF: Invalid Account Usage Detail

CCF: Priv Authentication Activity Detail

CCF: Priv Access Failure Detail

CCF: Database Authentication Activity Detail

CCF: Database Access Failure Detail
