PCI DSS 4.0 – Requirements
Control Description | Support | AIE Rules/Alerts | Investigations | Reports |
---|---|---|---|---|
1.1.1.a: Examine documented procedures to verify there is a formal process for testing and approval of all: - Network connections and - Changes to firewall and router configurations | Augment | N/A | CCF: Configuration/Policy Change Detail | CCF: Configuration/Policy Change Summary CCF: Configuration/Policy Change Details |
1.1.6.a: Verify that firewall and router configuration standards include a documented list of all services, protocols and ports, including business justification and approval for each. | Augment | N/A | CCF: Network Communication Detail | CCF: Non-Encrypted Protocol Summary CCF: Non-Encrypted Protocol Details |
1.1.6.b: Identify insecure services, protocols, and ports allowed; and verify that security features are documented for each service. | Direct | N/A | CCF: Network Communication Detail | CCF: Non-Encrypted Protocol Summary CCF: Non-Encrypted Protocol Details |
1.2.1.a: Examine firewall and router configuration standards to verify that they identify inbound and outbound traffic necessary for the cardholder data environment. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Inet => Intrn Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Denied Wireless => CDE Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Denied Internet => DMZ Comm Detail CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid DMZ => Internal Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied DMZ => Internal Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: Denied Test => Internet Comm Detail CCF: DMZ Communication Detail CCF: Internet Communication Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid DMZ => Internal Comm Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Network Communication Detail | CCF: AIE Denied CDE => Internet Comm Summary CCF: AIE 
Denied DMZ => Internal Comm Summary CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Denied Internet => CDE Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: Invalid Internet => DMZ Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Denied Internet => CDE Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Denied Test => Internet Comm Details CCF: Invalid CDE => Internet Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Inet => Intrn Comm Details CCF: Invalid Internet => CDE Comm Details CCF: Invalid 
Internet => DMZ Comm Details CCF: Invalid Test => Internet Comm Details CCF: AIE Denied Wireless => CDE Comm Details |
1.2.1.b: Examine firewall and router configurations to verify that inbound and outbound traffic is limited to that which is necessary for the cardholder data environment. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Inet => Intrn Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Denied Wireless => CDE Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Denied Internet => DMZ Comm Detail CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid DMZ => Internal Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied DMZ => Internal Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: Denied Test => Internet Comm Detail CCF: DMZ Communication Detail CCF: Internet Communication Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid DMZ => Internal Comm Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Network Communication Detail | CCF: AIE Denied CDE => Internet Comm Summary CCF: 
AIE Denied DMZ => Internal Comm Summary CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Denied Internet => CDE Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: Invalid Internet => DMZ Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Denied Internet => CDE Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Denied Test => Internet Comm Details CCF: Invalid CDE => Internet Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Inet => Intrn Comm Details CCF: Invalid Internet => CDE Comm Details CCF: 
Invalid Internet => DMZ Comm Details CCF: Invalid Test => Internet Comm Details CCF: AIE Denied Wireless => CDE Comm Details |
1.2.1.c: Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Inet => Intrn Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Denied Wireless => CDE Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Denied Internet => DMZ Comm Detail CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid DMZ => Internal Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied DMZ => Internal Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: Denied Test => Internet Comm Detail CCF: DMZ Communication Detail CCF: Internet Communication Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid DMZ => Internal Comm Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Network Communication Detail | CCF: 
AIE Denied CDE => Internet Comm Summary CCF: AIE Denied DMZ => Internal Comm Summary CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Denied Internet => CDE Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: Invalid Internet => DMZ Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Denied Internet => CDE Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Denied Test => Internet Comm Details CCF: Invalid CDE => Internet Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Inet => Intrn Comm Details CCF: 
Invalid Internet => CDE Comm Details CCF: Invalid Internet => DMZ Comm Details CCF: Invalid Test => Internet Comm Details CCF: AIE Denied Wireless => CDE Comm Details |
1.2.2.a: Examine router configuration files to verify they are secured from unauthorized access. | Augment | CCF: Firewall Policy Synch Information AIE Rule | CCF: Firewall Policy Synch Failure Detail | CCF: AIE Firewall Policy Synch Summary CCF: Firewall Policy Synch Activity Summary CCF: AIE Firewall Policy Synch Details CCF: Firewall Policy Synch Activity Details |
1.2.2.b: Examine router configurations to verify they are synchronized. For example, the running (or active) configuration matches the start-up configuration (used when machines are booted). | Augment | CCF: Firewall Policy Synch Information AIE Rule | CCF: Firewall Policy Synch Failure Detail | CCF: AIE Firewall Policy Synch Summary CCF: Firewall Policy Synch Activity Summary CCF: AIE Firewall Policy Synch Details CCF: Firewall Policy Synch Activity Details |
1.2.3.b: Verify that the firewalls deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment. | Augment | CCF: Denied Inet => Intrn Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule | CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Internet Communication Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Network Communication Detail | CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Invalid Inet => Intrn Comm Details |
1.3.1: Examine firewall and router configurations to verify that a DMZ is implemented to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports. | Augment | CCF: Denied Inet => Intrn Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule | CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Internet Communication Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Network Communication Detail | CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Invalid Inet => Intrn Comm Details |
1.3.2: Examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ. | Augment | CCF: Denied Inet => Intrn Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule | CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Internet Communication Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Network Communication Detail | CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Invalid Inet => Intrn Comm Details |
(PCI 3.1 - 1.3.3): Examine firewall and router configurations to verify direct connections inbound or outbound are not allowed for traffic between the Internet and the cardholder data environment. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Denied Internet => DMZ Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid DMZ => Internal Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied DMZ => Internal Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: DMZ Communication Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid DMZ => Internal Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Network Communication Detail | CCF: AIE Denied CDE => Internet Comm Summary CCF: AIE Denied DMZ => Internal Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Internet => CDE Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: Invalid Internet => DMZ 
Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Internet => CDE Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Invalid CDE => Internet Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Internet => CDE Comm Details CCF: Invalid Internet => DMZ Comm Details CCF: AIE Denied Wireless => CDE Comm Details |
1.3.3 (PCI 3.1 - 1.3.4): Examine firewall and router configurations to verify that anti-spoofing measures are implemented. For example, internal addresses cannot pass from the Internet into the DMZ. | Augment | CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule | CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied DMZ => Internal Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: DMZ Communication Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Network Communication Detail | CCF: AIE Denied DMZ => Internal Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Internet => DMZ Comm Summary CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Internet => DMZ Comm Details |
1.3.4 (PCI 3.1 - 1.3.5): Examine firewall and router configurations to verify that outbound traffic from the cardholder data environment to the Internet is explicitly authorized. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Network Communication Detail | CCF: AIE Denied CDE => Internet Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied Internet => CDE Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied Internet => CDE Comm Details CCF: Invalid CDE => Internet Comm Details CCF: Invalid Internet => CDE Comm Details CCF: AIE Denied Wireless => CDE Comm Details |
1.4.a: Examine policies and configuration standards to verify: - Personal firewall software or equivalent functionality is required for all portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE. - Specific configuration settings are defined for personal firewall (or equivalent functionality). - Personal firewall (or equivalent functionality) is configured to actively run. - Personal firewall (or equivalent functionality) is configured to not be alterable by users of the portable computing devices. | Augment | CCF: Host Firewall Information AIE Rule | CCF: Host Firewall Failure Detail | CCF: AIE Host Firewall Activity Summary CCF: Host Firewall Activity Summary CCF: AIE Host Firewall Activity Details CCF: Host Firewall Activity Details |
2.1.a: Choose a sample of system components, and attempt to log on (with system administrator help) to the devices and applications using default vendor-supplied accounts and passwords, to verify that ALL default passwords (including those on operating systems, software that provides security services, application and system accounts, POS terminals, and Simple Network Management Protocol (SNMP) community strings) have been changed. (Use vendor manuals and sources on the Internet to find vendor-supplied accounts/passwords.) | Direct | CCF: Invalid Account Usage AIE Rule | CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail | CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details |
2.1.b: For the sample of system components, verify that all unnecessary default accounts (including accounts used by operating systems, security software, applications, systems, POS terminals, SNMP, etc.) are removed or disabled. | Direct | CCF: Invalid Account Usage AIE Rule | CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail | CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details |
2.2.2.a: Select a sample of system components and inspect enabled system services, daemons, and protocols to verify that only necessary services or protocols are enabled. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Inet => Intrn Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Denied Intrn => Inet Comm AIE Rule CCF: Denied Intrn => Intrn Comm AIE Rule CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Denied Wireless => CDE Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule CCF: Invalid Intrn => Inet Comm AIE Rule CCF: Invalid Intrn => Intrn Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule CCF: Invalid Wireless => CDE Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Denied Internet => DMZ Comm Detail CCF: AIE Denied Intrn => Inet Comm Detail CCF: AIE Denied Intrn => Intrn Comm Detail CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Denied Test => Intern Comm Detail CCF: AIE Denied Wireless => CDE Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid DMZ => Internal Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: AIE Invalid Intrn => Inet Comm Detail CCF: AIE Invalid Intrn => Intrn Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: AIE Invalid Test => Intrn Comm Detail CCF: AIE Invalid Wless => CDE Comm Detail CCF: Application Access Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied 
DMZ => Internal Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: Denied Intrn => Inet Comm Detail CCF: Denied Intrn => Intrn Comm Detail CCF: Denied Test => Internal Comm Detail CCF: Denied Test => Internet Comm Detail CCF: Denied Wireless => CDE Comm Detail CCF: DMZ Communication Detail CCF: Internal Communication Detail CCF: Internet Communication Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid DMZ => Internal Comm Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Invalid Intrn => Inet Comm Detail CCF: Invalid Intrn => Intrn Comm Detail CCF: Invalid Test => Internal Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Invalid Wireless => CDE Comm Detail CCF: Network Communication Detail CCF: Test Communication Detail CCF: Wireless Communication Detail | CCF: AIE Denied CDE => Internet Comm Summary CCF: AIE Denied DMZ => Internal Comm Summary CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Denied Intrn => Inet Comm Summary CCF: AIE Denied Intrn => Intrn Comm Summary CCF: AIE Denied Test => Internal Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Denied Wireless => CDE Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: AIE Invalid Intrn => Inet Comm Summary CCF: AIE Invalid Intrn => Intrn Comm Summary CCF: AIE Invalid Test => Internal Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: AIE Invalid Wireless => CDE Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Denied Internet 
=> CDE Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Denied Intrn => Inet Comm Summary CCF: Denied Intrn => Intrn Comm Summary CCF: Denied Test => Internal Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Denied Wireless => CDE Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: Invalid Internet => DMZ Comm Summary CCF: Invalid Intrn => Inet Comm Summary CCF: Invalid Intrn => Intrn Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: Invalid Wireless => CDE Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Denied Intrn => Inet Comm Details CCF: AIE Denied Intrn => Intrn Comm Details CCF: AIE Denied Test => Internal Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Denied Wireless => CDE Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: AIE Invalid Intrn => Inet Comm Details CCF: AIE Invalid Intrn => Intrn Comm Details CCF: AIE Invalid Test => Internal Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: AIE Invalid Wireless => CDE Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Denied Internet => CDE Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Denied Intrn => Inet Comm Details CCF: Denied Intrn => Intrn Comm Details CCF: Denied Test => Internal Comm Details CCF: Denied Test => Internet Comm Details CCF: Denied Wireless => CDE Comm Details CCF: 
Invalid CDE => Internet Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Inet => Intrn Comm Details CCF: Invalid Internet => CDE Comm Details CCF: Invalid Internet => DMZ Comm Details CCF: Invalid Intrn => Inet Comm Details CCF: Invalid Intrn => Intrn Comm Details CCF: Invalid Test => Internal Comm Details CCF: Invalid Test => Internet Comm Details CCF: Invalid Wireless => CDE Comm Details |
2.2.2.b: Identify any enabled insecure services, daemons, or protocols and interview personnel to verify they are justified per documented configuration standards. | Augment | CCF: Denied CDE => Internet Comm AIE Rule CCF: Denied DMZ => Internal Comm AIE Rule CCF: Denied Inet => Intrn Comm AIE Rule CCF: Denied Internet => CDE Comm AIE Rule CCF: Denied Internet => DMZ Comm AIE Rule CCF: Denied Intrn => Inet Comm AIE Rule CCF: Denied Intrn => Intrn Comm AIE Rule CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Denied Wireless => CDE Comm AIE Rule CCF: Invalid CDE => Internet Comm AIE Rule CCF: Invalid DMZ => Internal Comm AIE Rule CCF: Invalid Inet => Intrn Comm AIE Rule CCF: Invalid Internet => CDE Comm AIE Rule CCF: Invalid Internet => DMZ Comm AIE Rule CCF: Invalid Intrn => Inet Comm AIE Rule CCF: Invalid Intrn => Intrn Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule CCF: Invalid Wireless => CDE Comm AIE Rule | CCF: AIE Denied CDE => Internet Comm Detail CCF: AIE Denied DMZ => Internal Comm Detail CCF: AIE Denied Inet => Intrn Comm Detail CCF: AIE Denied Internet => CDE Comm Detail CCF: AIE Denied Internet => DMZ Comm Detail CCF: AIE Denied Intrn => Inet Comm Detail CCF: AIE Denied Intrn => Intrn Comm Detail CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Denied Test => Intern Comm Detail CCF: AIE Denied Wireless => CDE Comm Detail CCF: AIE Invalid CDE => Inet Comm Detail CCF: AIE Invalid DMZ => Internal Comm Detail CCF: AIE Invalid Inet => CDE Comm Detail CCF: AIE Invalid Inet => DMZ Comm Detail CCF: AIE Invalid Inet => Intrn Comm Detail CCF: AIE Invalid Intrn => Inet Comm Detail CCF: AIE Invalid Intrn => Intrn Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: AIE Invalid Test => Intrn Comm Detail CCF: AIE Invalid Wless => CDE Comm Detail CCF: Application Access Detail CCF: CDE Communication Detail CCF: Denied CDE => Internet Comm Detail CCF: Denied DMZ => 
Internal Comm Detail CCF: Denied Inet => Intrn Comm Detail CCF: Denied Internet => CDE Comm Detail CCF: Denied Internet => DMZ Comm Detail CCF: Denied Intrn => Inet Comm Detail CCF: Denied Intrn => Intrn Comm Detail CCF: Denied Test => Internal Comm Detail CCF: Denied Test => Internet Comm Detail CCF: Denied Wireless => CDE Comm Detail CCF: DMZ Communication Detail CCF: Internal Communication Detail CCF: Internet Communication Detail CCF: Invalid CDE => Internet Comm Detail CCF: Invalid DMZ => Internal Comm Detail CCF: Invalid Inet => Intrn Comm Detail CCF: Invalid Internet => CDE Comm Detail CCF: Invalid Internet => DMZ Comm Detail CCF: Invalid Intrn => Inet Comm Detail CCF: Invalid Intrn => Intrn Comm Detail CCF: Invalid Test => Internal Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Invalid Wireless => CDE Comm Detail CCF: Network Communication Detail CCF: Test Communication Detail CCF: Wireless Communication Detail | CCF: AIE Denied CDE => Internet Comm Summary CCF: AIE Denied DMZ => Internal Comm Summary CCF: AIE Denied Inet => Intrn Comm Summary CCF: AIE Denied Internet => CDE Comm Summary CCF: AIE Denied Internet => DMZ Comm Summary CCF: AIE Denied Intrn => Inet Comm Summary CCF: AIE Denied Intrn => Intrn Comm Summary CCF: AIE Denied Test => Internal Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Denied Wireless => CDE Comm Summary CCF: AIE Invalid CDE => Internet Comm Summary CCF: AIE Invalid DMZ => Internal Comm Summary CCF: AIE Invalid Inet => Intrn Comm Summary CCF: AIE Invalid Internet => CDE Comm Summary CCF: AIE Invalid Internet => DMZ Comm Summary CCF: AIE Invalid Intrn => Inet Comm Summary CCF: AIE Invalid Intrn => Intrn Comm Summary CCF: AIE Invalid Test => Internal Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: AIE Invalid Wireless => CDE Comm Summary CCF: Denied CDE => Internet Comm Summary CCF: Denied DMZ => Internal Comm Summary CCF: Denied Inet => Intrn Comm Summary CCF: Denied Internet => CDE 
Comm Summary CCF: Denied Internet => DMZ Comm Summary CCF: Denied Intrn => Inet Comm Summary CCF: Denied Intrn => Intrn Comm Summary CCF: Denied Test => Internal Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Denied Wireless => CDE Comm Summary CCF: Invalid CDE => Internet Comm Summary CCF: Invalid DMZ => Internal Comm Summary CCF: Invalid Inet => Intrn Comm Summary CCF: Invalid Internet => CDE Comm Summary CCF: Invalid Internet => DMZ Comm Summary CCF: Invalid Intrn => Inet Comm Summary CCF: Invalid Intrn => Intrn Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: Invalid Wireless => CDE Comm Summary CCF: AIE Denied CDE => Internet Comm Details CCF: AIE Denied DMZ => Internal Comm Details CCF: AIE Denied Inet => Intrn Comm Details CCF: AIE Denied Internet => CDE Comm Details CCF: AIE Denied Internet => DMZ Comm Details CCF: AIE Denied Intrn => Inet Comm Details CCF: AIE Denied Intrn => Intrn Comm Details CCF: AIE Denied Test => Internal Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Denied Wireless => CDE Comm Details CCF: AIE Invalid CDE => Internet Comm Details CCF: AIE Invalid DMZ => Internal Comm Details CCF: AIE Invalid Inet => Intrn Comm Details CCF: AIE Invalid Internet => CDE Comm Details CCF: AIE Invalid Internet => DMZ Comm Details CCF: AIE Invalid Intrn => Inet Comm Details CCF: AIE Invalid Intrn => Intrn Comm Details CCF: AIE Invalid Test => Internal Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: AIE Invalid Wireless => CDE Comm Details CCF: Denied CDE => Internet Comm Details CCF: Denied DMZ => Internal Comm Details CCF: Denied Inet => Intrn Comm Details CCF: Denied Internet => CDE Comm Details CCF: Denied Internet => DMZ Comm Details CCF: Denied Intrn => Inet Comm Details CCF: Denied Intrn => Intrn Comm Details CCF: Denied Test => Internal Comm Details CCF: Denied Test => Internet Comm Details CCF: Denied Wireless => CDE Comm Details CCF: Invalid 
CDE => Internet Comm Details CCF: Invalid DMZ => Internal Comm Details CCF: Invalid Inet => Intrn Comm Details CCF: Invalid Internet => CDE Comm Details CCF: Invalid Internet => DMZ Comm Details CCF: Invalid Intrn => Inet Comm Details CCF: Invalid Intrn => Intrn Comm Details CCF: Invalid Test => Internal Comm Details CCF: Invalid Test => Internet Comm Details CCF: Invalid Wireless => CDE Comm Details |
2.2.3.a: Inspect configuration settings to verify that security features are documented and implemented for all insecure services, daemons, or protocols. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
2.2.3.b: If SSL/early TLS is used, perform testing procedures in Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
2.3.b: Review services and parameter files on systems to determine that Telnet and other insecure remote-login commands are not available for non-console access. | Augment | CCF: Denied Intrn => Inet Comm AIE Rule CCF: Denied Intrn => Intrn Comm AIE Rule CCF: Invalid Intrn => Inet Comm AIE Rule CCF: Invalid Intrn => Intrn Comm AIE Rule | CCF: AIE Denied Intrn => Inet Comm Detail CCF: AIE Denied Intrn => Intrn Comm Detail CCF: AIE Invalid Intrn => Inet Comm Detail CCF: AIE Invalid Intrn => Intrn Comm Detail CCF: Application Access Detail CCF: Denied Intrn => Inet Comm Detail CCF: Denied Intrn => Intrn Comm Detail CCF: Internal Communication Detail CCF: Invalid Intrn => Inet Comm Detail CCF: Invalid Intrn => Intrn Comm Detail | CCF: AIE Denied Intrn => Inet Comm Summary CCF: AIE Denied Intrn => Intrn Comm Summary CCF: AIE Invalid Intrn => Inet Comm Summary CCF: AIE Invalid Intrn => Intrn Comm Summary CCF: Denied Intrn => Inet Comm Summary CCF: Denied Intrn => Intrn Comm Summary CCF: Invalid Intrn => Inet Comm Summary CCF: Invalid Intrn => Intrn Comm Summary CCF: Non-Encrypted Protocol Summary CCF: AIE Denied Intrn => Inet Comm Details CCF: AIE Denied Intrn => Intrn Comm Details CCF: AIE Invalid Intrn => Inet Comm Details CCF: AIE Invalid Intrn => Intrn Comm Details CCF: Denied Intrn => Inet Comm Details CCF: Denied Intrn => Intrn Comm Details CCF: Invalid Intrn => Inet Comm Details CCF: Invalid Intrn => Intrn Comm Details CCF: Non-Encrypted Protocol Details |
2.3.e: If SSL/early TLS is used, perform testing procedures in Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
3.6.7.a: Verify that key-management procedures specify processes to prevent unauthorized substitution of keys. | Augment | CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule CCF: FIM Group Change Activity AIE Rule CCF: FIM Modify Activity AIE Rule CCF: FIM Owner Change Activity AIE Rule CCF: FIM Permission Activity AIE Rule | CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details |
4.1.c: Select and observe a sample of inbound and outbound transmissions as they occur to verify that all cardholder data is encrypted with strong cryptography during transit. | Augment | CCF: Denied Intrn => Inet Comm AIE Rule CCF: Denied Intrn => Intrn Comm AIE Rule CCF: Invalid Intrn => Inet Comm AIE Rule CCF: Invalid Intrn => Intrn Comm AIE Rule | CCF: AIE Denied Intrn => Inet Comm Detail CCF: AIE Denied Intrn => Intrn Comm Detail CCF: AIE Invalid Intrn => Inet Comm Detail CCF: AIE Invalid Intrn => Intrn Comm Detail CCF: Application Access Detail CCF: Denied Intrn => Inet Comm Detail CCF: Denied Intrn => Intrn Comm Detail CCF: Internal Communication Detail CCF: Invalid Intrn => Inet Comm Detail CCF: Invalid Intrn => Intrn Comm Detail | CCF: AIE Denied Intrn => Inet Comm Summary CCF: AIE Denied Intrn => Intrn Comm Summary CCF: AIE Invalid Intrn => Inet Comm Summary CCF: AIE Invalid Intrn => Intrn Comm Summary CCF: Denied Intrn => Inet Comm Summary CCF: Denied Intrn => Intrn Comm Summary CCF: Invalid Intrn => Inet Comm Summary CCF: Invalid Intrn => Intrn Comm Summary CCF: Non-Encrypted Protocol Summary CCF: AIE Denied Intrn => Inet Comm Details CCF: AIE Denied Intrn => Intrn Comm Details CCF: AIE Invalid Intrn => Inet Comm Details CCF: AIE Invalid Intrn => Intrn Comm Details CCF: Denied Intrn => Inet Comm Details CCF: Denied Intrn => Intrn Comm Details CCF: Invalid Intrn => Inet Comm Details CCF: Invalid Intrn => Intrn Comm Details CCF: Non-Encrypted Protocol Details |
4.1.f: Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.) | Augment | CCF: Denied Intrn => Inet Comm AIE Rule CCF: Denied Intrn => Intrn Comm AIE Rule CCF: Invalid Intrn => Inet Comm AIE Rule CCF: Invalid Intrn => Intrn Comm AIE Rule | CCF: AIE Denied Intrn => Inet Comm Detail CCF: AIE Denied Intrn => Intrn Comm Detail CCF: AIE Invalid Intrn => Inet Comm Detail CCF: AIE Invalid Intrn => Intrn Comm Detail CCF: Application Access Detail CCF: Denied Intrn => Inet Comm Detail CCF: Denied Intrn => Intrn Comm Detail CCF: Internal Communication Detail CCF: Invalid Intrn => Inet Comm Detail CCF: Invalid Intrn => Intrn Comm Detail | CCF: AIE Denied Intrn => Inet Comm Summary CCF: AIE Denied Intrn => Intrn Comm Summary CCF: AIE Invalid Intrn => Inet Comm Summary CCF: AIE Invalid Intrn => Intrn Comm Summary CCF: Denied Intrn => Inet Comm Summary CCF: Denied Intrn => Intrn Comm Summary CCF: Invalid Intrn => Inet Comm Summary CCF: Invalid Intrn => Intrn Comm Summary CCF: Non-Encrypted Protocol Summary CCF: AIE Denied Intrn => Inet Comm Details CCF: AIE Denied Intrn => Intrn Comm Details CCF: AIE Invalid Intrn => Inet Comm Details CCF: AIE Invalid Intrn => Intrn Comm Details CCF: Denied Intrn => Inet Comm Details CCF: Denied Intrn => Intrn Comm Details CCF: Invalid Intrn => Inet Comm Details CCF: Invalid Intrn => Intrn Comm Details CCF: Non-Encrypted Protocol Details |
4.1.g: For TLS implementations, examine system configurations to verify that TLS is enabled whenever cardholder data is transmitted or received. For example, for browser-based implementations: - “HTTPS” appears as the browser Universal Record Locator (URL) protocol. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
4.1.h: If SSL/early TLS is used, perform testing procedures in Appendix A2: Additional PCI DSS Requirements for Entities using SSL/Early TLS. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
5.1: For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists. | Augment | CCF: Antivirus Information AIE Rule | CCF: Antivirus Failure Detail | CCF: AIE Antivirus Activity Summary CCF: Antivirus Activity Summary CCF: AIE Antivirus Activity Details CCF: Antivirus Activity Details |
5.2.b: Examine anti-virus configurations, including the master installation of the software to verify anti-virus mechanisms are: - Configured to perform automatic updates, and - Configured to perform periodic scans. | Augment | CCF: Antivirus Information AIE Rule | CCF: Antivirus Failure Detail CCF: Signature Update Failure Detail | CCF: AIE Antivirus Activity Summary CCF: Antivirus Activity Summary CCF: Signature Update Activity Summary CCF: AIE Antivirus Activity Details CCF: Antivirus Activity Details CCF: Signature Update Activity Details |
5.2.c: Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that: - The anti-virus software and definitions are current. - Periodic scans are performed. | Augment | CCF: Antivirus Information AIE Rule | CCF: Antivirus Failure Detail CCF: Signature Update Failure Detail | CCF: AIE Antivirus Activity Summary CCF: Antivirus Activity Summary CCF: Signature Update Activity Summary CCF: AIE Antivirus Activity Details CCF: Antivirus Activity Details CCF: Signature Update Activity Details |
5.2.d: Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that: - Anti-virus software log generation is enabled, and - Logs are retained in accordance with PCI DSS Requirement 10.7. | Direct | CCF: Antivirus Information AIE Rule | CCF: Antivirus Failure Detail CCF: Malware Detail CCF: Signature Update Failure Detail | CCF: AIE Antivirus Activity Summary CCF: Antivirus Activity Summary CCF: Signature Update Activity Summary CCF: AIE Antivirus Activity Details CCF: Antivirus Activity Details CCF: Signature Update Activity Details |
6.2.b: For a sample of system components and related software, compare the list of security patches installed on each system to the most recent vendor security-patch list, to verify the following: - That applicable critical vendor-supplied security patches are installed appropriately. | Direct | CCF: Configuration Change Rule CCF: Policy Change Rule | CCF: Software Update Failure Detail CCF: Signature Update Failure Inv CCF: Patch Update Failure Inv CCF: Configuration Change Inv CCF: Policy Change Inv | CCF: Software Update Activity Summary CCF: Signature Update Failure Summary CCF: Patch Update Failure Summary CCF: Configuration Change Summary CCF: Policy Change Summary CCF: Software Update Activity Details CCF: Signature Update Failure Detail CCF: Patch Update Failure Detail CCF: Configuration Change Detail CCF: Policy Change Detail |
6.3.a: Examine written software-development processes to verify that the processes are based on industry standards and/or best practices. | Augment | N/A | N/A | N/A |
6.3.b: Examine written software-development processes to verify that information security is included throughout the life cycle. | Augment | N/A | N/A | N/A |
6.3.c: Examine written software-development processes to verify that software applications are developed in accordance with PCI DSS. | Augment | N/A | N/A | N/A |
6.3.d: Interview software developers to verify that written software-development processes are implemented. | Augment | N/A | N/A | N/A |
6.4.1.a: Examine network documentation and network device configurations to verify that the development/test environments are separate from the production environment(s). | Augment | CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule | CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Denied Test => Intern Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: AIE Invalid Test => Intrn Comm Detail CCF: Denied Test => Internal Comm Detail CCF: Denied Test => Internet Comm Detail CCF: Invalid Test => Internal Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Test Communication Detail | CCF: AIE Denied Test => Internal Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Invalid Test => Internal Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: Denied Test => Internal Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: AIE Denied Test => Internal Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Invalid Test => Internal Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: Denied Test => Internal Comm Details CCF: Denied Test => Internet Comm Details CCF: Invalid Test => Internal Comm Details CCF: Invalid Test => Internet Comm Details |
6.4.1.b: Examine access controls settings to verify that access controls are in place to enforce separation between the development/test environments and the production environment(s). | Augment | CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule | CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Denied Test => Intern Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: AIE Invalid Test => Intrn Comm Detail CCF: Denied Test => Internal Comm Detail CCF: Denied Test => Internet Comm Detail CCF: Invalid Test => Internal Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Test Communication Detail | CCF: AIE Denied Test => Internal Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Invalid Test => Internal Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: Denied Test => Internal Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: AIE Denied Test => Internal Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Invalid Test => Internal Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: Denied Test => Internal Comm Details CCF: Denied Test => Internet Comm Details CCF: Invalid Test => Internal Comm Details CCF: Invalid Test => Internet Comm Details |
6.4.2: Observe processes and interview personnel assigned to development/test environments and personnel assigned to production environments to verify that separation of duties is in place between development/test environments and the production environment. | Augment | CCF: Denied Test => Internal Comm AIE Rule CCF: Denied Test => Internet Comm AIE Rule CCF: Invalid Test => Internal Comm AIE Rule CCF: Invalid Test => Internet Comm AIE Rule | CCF: AIE Denied Test => Inet Comm Detail CCF: AIE Denied Test => Intern Comm Detail CCF: AIE Invalid Test => Inet Comm Detail CCF: AIE Invalid Test => Intrn Comm Detail CCF: Denied Test => Internal Comm Detail CCF: Denied Test => Internet Comm Detail CCF: Invalid Test => Internal Comm Detail CCF: Invalid Test => Internet Comm Detail CCF: Test Communication Detail | CCF: AIE Denied Test => Internal Comm Summary CCF: AIE Denied Test => Internet Comm Summary CCF: AIE Invalid Test => Internal Comm Summary CCF: AIE Invalid Test => Internet Comm Summary CCF: Denied Test => Internal Comm Summary CCF: Denied Test => Internet Comm Summary CCF: Invalid Test => Internal Comm Summary CCF: Invalid Test => Internet Comm Summary CCF: AIE Denied Test => Internal Comm Details CCF: AIE Denied Test => Internet Comm Details CCF: AIE Invalid Test => Internal Comm Details CCF: AIE Invalid Test => Internet Comm Details CCF: Denied Test => Internal Comm Details CCF: Denied Test => Internet Comm Details CCF: Invalid Test => Internal Comm Details CCF: Invalid Test => Internet Comm Details |
6.4.3.a: Observe testing processes and interview personnel to verify procedures are in place to ensure production data (live PANs) are not used for testing or development. | Augment | N/A | N/A | N/A |
6.4.3.b: Examine a sample of test data to verify production data (live PANs) is not used for testing or development. | Augment | N/A | N/A | N/A |
6.4.4.a: Observe testing processes and interview personnel to verify test data and accounts are removed before a production system becomes active. | Augment | N/A | CCF: Test Data Activity on Prod Systems Inv | N/A |
6.4.4.b: Examine a sample of data and accounts from production systems recently installed or updated to verify test data and accounts are removed before the system becomes active. | Augment | N/A | CCF: Test Data Activity on Prod Systems Inv | N/A |
6.4.6: For a sample of significant changes, examine change records, interview personnel, and observe the affected systems/networks to verify that applicable PCI DSS requirements were implemented and documentation updated as part of the change. | Augment | CCF: Change Record Statistics | CCF: Change Record Statistics Inv | |
6.5.1: Examine software-development policies and procedures and interview responsible personnel to verify that injection flaws are addressed by coding techniques that include: - Validating input to verify user data cannot modify meaning of commands and queries. | Augment | N/A | CCF: Vulnerability Detail | N/A |
6.5.2: Examine software-development policies and procedures and interview responsible personnel to verify that buffer overflows are addressed by coding techniques that include: - Validating buffer boundaries. - Truncating input strings. | Augment | N/A | CCF: Vulnerability Detail | N/A |
6.5.4: Examine software-development policies and procedures and interview responsible personnel to verify that insecure communications are addressed by coding techniques that properly authenticate and encrypt all sensitive communications. | Augment | N/A | CCF: Vulnerability Detail | CCF: Non-Encrypted Protocol Summary CCF: Non-Encrypted Protocol Details |
6.5.5: Examine software-development policies and procedures and interview responsible personnel to verify that improper error handling is addressed by coding techniques that do not leak information via error messages (for example, by returning generic rather than specific errors). | Augment | N/A | CCF: Vulnerability Detail CCF: Critical/Error Detail | N/A |
6.5.6: Examine software-development policies and procedures and interview responsible personnel to verify that coding techniques address any “high risk” vulnerabilities that could affect the application, as identified in PCI DSS Requirement 6.1. | Augment | N/A | CCF: Vulnerability Detail | N/A |
6.5.7: Examine software-development policies and procedures and interview responsible personnel to verify that cross-site scripting (XSS) is addressed by coding techniques that include: - Validating all parameters before inclusion. - Utilizing context-sensitive escaping. | Augment | N/A | CCF: Vulnerability Detail | N/A |
6.5.8: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects with card data. | Augment | N/A | CCF: Vulnerability Detail | N/A |
6.5.9: Examine software development policies and procedures and interview responsible personnel to verify that cross-site request forgery (CSRF) is addressed by coding techniques that ensure applications do not rely on authorization credentials and tokens automatically. | Augment | N/A | CCF: Vulnerability Detail | N/A |
6.6: For public-facing web applications, ensure that either one of the following methods is in place as follows: - Examine documented processes, interview personnel, and examine records of application security assessments to verify that public-facing web applications are reviewed—using either manual or automated vulnerability security assessment tools or methods—as follows: - Examine the system configuration settings and interview responsible personnel to verify that an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) is in place as follows: | Augment | N/A | CCF: Vulnerability Detail | N/A |
7.1.1: Select a sample of roles and verify access needs for each role are defined and include: - System components and data resources that each role needs to access for their job function. - Identification of privilege necessary for each role to perform their job. | Augment | N/A | CCF: Priv Acct Auth Detail CCF: Application Access Detail | CCF: Priv Access Granted/Revoked Summary CCF: Priv Authentication Activity Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Details CCF: Priv Authentication Activity Detail CCF: AIE Priv Access Granted/Revoked Details |
7.1.2.a: Interview personnel responsible for assigning access to verify that access to privileged user IDs is: - Assigned only to roles that specifically require such privileged access. - Restricted to least privileges necessary to perform job responsibilities. | Augment | N/A | CCF: Application Access Detail | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: Account Management Activity Details CCF: AIE Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details |
7.1.2.b: Select a sample of user IDs with privileged access and interview responsible management personnel to verify that privileges assigned are: - Necessary for that individual’s job function. - Restricted to least privileges necessary to perform job responsibilities. | Augment | N/A | CCF: Application Access Detail | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: Account Management Activity Details CCF: AIE Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details |
8.1.a: Review procedures and confirm they define processes for each of the items below at 8.1.1 through 8.1.8. | Augment | N/A | N/A | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Account Management Activity Details CCF: AIE Access Granted/Revoked Details CCF: Access Granted/Revoked Activity Details CCF: Account Management Activity Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.1.1: Interview administrative personnel to confirm that all users are assigned a unique ID for access to system components or cardholder data. | Augment | N/A | N/A | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Account Management Activity Details CCF: AIE Access Granted/Revoked Details CCF: Access Granted/Revoked Activity Details CCF: Account Management Activity Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.1.2: For a sample of privileged user IDs and general user IDs, examine associated authorizations and observe system settings to verify each user ID and privileged user ID has been implemented with only the privileges specified on the documented approval. | Augment | N/A | N/A | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Account Management Activity Details CCF: AIE Access Granted/Revoked Details CCF: Access Granted/Revoked Activity Details CCF: Account Management Activity Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.1.3.a: Select a sample of users terminated in the past six months, and review current user access lists, for both local and remote access, to verify that their IDs have been deactivated or removed from the access lists. | Augment | CCF: Account Disabled/Locked AIE Rule CCF: Invalid Account Usage AIE Rule | CCF: Account Termination Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Account Disable/Locked Detail CCF: AIE Account Disable/Locked Detail | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Account Management Activity Details CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.1.3.b: Verify all physical authentication methods, such as smart cards, tokens, etc., have been returned or deactivated. | Augment | CCF: Physical Access Usage AIE Rule | CCF: Physical Access Failure Detail | CCF: AIE Physical Security Auth Summary CCF: Physical Security Auth Activity Summary CCF: AIE Physical Security Auth Details CCF: Physical Security Auth Activity Details |
8.1.4: Observe user accounts to verify that any inactive accounts over 90 days old are either removed or disabled. | Augment | CCF: Account Disabled/Locked AIE Rule CCF: Invalid Account Usage AIE Rule | CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Account Disable/Locked Detail CCF: AIE Account Disable/Locked Detail | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Account Management Activity Details CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.1.5.a: Interview personnel and observe processes for managing accounts used by vendors to access, support, or maintain system components to verify that accounts used by vendors for remote access are: - Disabled when not in use. - Enabled only when needed by the vendor. | Augment | CCF: Vendor Auth Activity AIE Rule | CCF: AIE Vendor Access Detail CCF: Vendor Access Detail CCF: Vendor Account Enabled Detail CCF: Vendor Authentication Detail | CCF: AIE Vendor Account Enabled Alert Summary CCF: AIE Vendor Authentication Summary CCF: Vendor Account Management Summary CCF: Vendor Authentication Summary CCF: Vendor Access Failure Summary CCF: Vendor Access Granted/Revoked Summary CCF: AIE Vendor Authentication Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail |
8.1.5.b: Interview personnel and observe processes to verify that vendor remote access accounts are monitored while being used. | Augment | CCF: Vendor Auth Activity AIE Rule | CCF: AIE Vendor Access Detail CCF: Vendor Access Detail CCF: Vendor Account Enabled Detail CCF: Vendor Authentication Detail | CCF: AIE Vendor Account Enabled Alert Summary CCF: AIE Vendor Authentication Summary CCF: Vendor Account Management Summary CCF: Vendor Authentication Summary CCF: Vendor Access Granted/Revoked Summary CCF: Vendor Access Failure Summary CCF: AIE Access Granted/Revoked Details CCF: AIE Vendor Authentication Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Vendor Authentication Details CCF: Access Granted/Revoked Activity Details CCF: Vendor Access Failure Detail |
8.1.6.a: For a sample of system components, inspect system configuration settings to verify that authentication parameters are set to require that user accounts be locked out after not more than six invalid logon attempts. | Augment | CCF: Account Disabled/Locked AIE Rule | CCF: Configuration/Policy Change Detail CCF: Account Disable/Locked Detail CCF: AIE Account Disable/Locked Detail | CCF: Configuration/Policy Change Summary CCF: Access Granted/Revoked Activity Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Access Granted/Revoked Summary CCF: Access Granted/Revoked Activity Details CCF: Configuration/Policy Change Details CCF: AIE Access Granted/Revoked Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details CCF: Vendor Access Granted/Revoked Details CCF: Database Access Granted/Revoked Summary |
8.1.6.b: Additional testing procedure for service provider assessments only: Review internal processes and customer/user documentation, and observe implemented processes to verify that non-consumer customer user accounts are temporarily locked-out after not more than 10 attempts. | Augment | CCF: Vendor Auth Activity AIE Rule CCF: Account Disabled/Locked AIE Rule | CCF: AIE Vendor Access Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Vendor Account Enabled Detail CCF: Configuration/Policy Change Detail CCF: Account Disable/Locked Detail CCF: AIE Account Disable/Locked Detail | CCF: AIE Vendor Account Enabled Alert Summary CCF: AIE Vendor Authentication Summary CCF: Vendor Access Failure Summary CCF: Vendor Account Management Summary CCF: Vendor Authentication Summary CCF: Configuration/Policy Change Summary CCF: Vendor Access Granted/Revoked Activity Summary CCF: AIE Vendor Authentication Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Configuration/Policy Change Details |
8.1.7: For a sample of system components, inspect system configuration settings to verify that password parameters are set to require that once a user account is locked out, it remains locked for a minimum of 30 minutes or until a system administrator resets the password. | Augment | CCF: Account Disabled/Locked AIE Rule | CCF: Account Disable/Locked Detail CCF: AIE Account Disable/Locked Detail | CCF: Access Granted/Revoked Activity Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Vendor Access Granted/Revoked Activity Summary CCF: Database Access Granted/Revoked Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details |
8.2.5.a: For a sample of system components, obtain and inspect system configuration settings to verify that password parameters are set to require that new passwords cannot be the same as the four previously used passwords. | Augment | N/A | N/A | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Account Management Activity Details CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.2.5.b: Additional testing procedure for service provider assessments only: Review internal processes and customer/user documentation to verify that new non-consumer customer user passwords cannot be the same as the previous four passwords. | Augment | N/A | N/A | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Access Granted/Revoked Summary CCF: Vendor Account Management Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Account Management Activity Details CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.3.1.b: Observe a sample of administrator personnel login to the CDE and verify that at least two of the three authentication methods are used. | Augment | CCF: Personel Login Authentication Method Event | CCF: Personel Login Authentication Method Inv | |
8.5.c: Interview system administrators to verify that group and shared IDs and/or passwords or other authentication methods are not distributed, even if requested. | Augment | CCF: Invalid Account Usage AIE Rule | CCF: Account Termination Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: AIE Vendor Account Enabled Alert Summary CCF: Vendor Account Management Summary CCF: Vendor Access Granted/Revoked Summary CCF: Database Account Management Summary CCF: Database Access Granted/Revoked Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Account Management Activity Details CCF: AIE Invalid Account Usage Details CCF: Invalid Account Usage Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Database Account Management Details CCF: Database Access Granted/Revoked Details CCF: Priv Account Management Activity Details CCF: Priv Access Granted/Revoked Details CCF: AIE Priv Access Granted/Revoked Details |
8.7.a: Review database and application configuration settings and verify that all users are authenticated prior to access. | Augment | CCF: Database Authentication AIE Rule | CCF: AIE Database Authentication Detail AIE CCF: Database Authentication Detail CCF: Database Access Detail | CCF: AIE Database Authentication Summary CCF: Database Account Management Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Database Access Granted/Revoked Summary CCF: AIE Database Authentication Details CCF: Database Account Management Details CCF: Database Authentication Activity Details CCF: Database Access Failure Detail CCF: Database Access Granted/Revoked Detail |
8.7.c: Examine database access control settings and database application configuration settings to verify that user direct access to or queries of databases are restricted to database administrators. | Augment | CCF: Database Authentication AIE Rule | CCF: AIE Database Authentication Detail AIE CCF: Database Authentication Detail CCF: Database Access Detail | CCF: AIE Database Authentication Summary CCF: Database Account Management Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Database Access Granted/Revoked Summary CCF: AIE Database Authentication Details CCF: Database Account Management Details CCF: Database Authentication Activity Details CCF: Database Access Granted/Revoked Detail CCF: Database Access Failure Detail |
8.7.d: Examine database access control settings, database application configuration settings, and the related application IDs to verify that application IDs can only be used by the applications (and not by individual users or other processes). | Augment | CCF: Database Authentication AIE Rule | CCF: AIE Database Authentication Detail AIE CCF: Database Authentication Detail CCF: Database Access Detail | CCF: AIE Database Authentication Summary CCF: Database Account Management Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Database Access Granted/Revoked Summary CCF: AIE Database Authentication Details CCF: Database Account Management Details CCF: Database Authentication Activity Details CCF: Database Access Failure Detail CCF: Database Access Granted/Revoked Detail |
9.1: Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment. - Verify that access is controlled with badge readers or other devices, including authorized badges. | Augment | CCF: Physical Access Usage AIE Rule | CCF: Physical Access Failure Detail | CCF: AIE Physical Security Auth Summary CCF: Physical Security Auth Activity Summary CCF: AIE Physical Security Auth Details CCF: Physical Security Auth Activity Details |
9.1.1.a: Verify that either video cameras or access control mechanisms (or both) are in place to monitor the entry/exit points to sensitive areas. | Augment | CCF: Physical Access Usage AIE Rule | CCF: Physical Access Failure Detail | CCF: AIE Physical Security Auth Summary CCF: Physical Security Auth Activity Summary CCF: AIE Physical Security Auth Details CCF: Physical Security Auth Activity Details |
9.1.2: Interview responsible personnel and observe locations of publicly accessible network jacks to verify that physical and/or logical controls are in place to restrict access to publicly accessible network jacks. | Augment | CCF: Physical Access Usage AIE Rule | CCF: Physical Access Failure Detail | CCF: AIE Physical Security Auth Summary CCF: Physical Security Auth Activity Summary CCF: AIE Physical Security Auth Details CCF: Physical Security Auth Activity Details |
9.3.c: Select a sample of recently terminated employees and review access control lists to verify the personnel do not have physical access to sensitive areas. | Augment | CCF: Physical Access Usage AIE Rule | CCF: Physical Access Failure Detail | CCF: AIE Physical Security Auth Summary CCF: Physical Security Auth Activity Summary CCF: AIE Physical Security Auth Details CCF: Physical Security Auth Activity Details |
9.7.1: Review media inventory logs to verify that logs are maintained and media inventories are performed at least annually. | Augment | CCF: Backup Information AIE Rule | CCF: Backup Failure Detail | CCF: AIE Backup Activity Summary CCF: Backup Activity Summary CCF: AIE Backup Activity Details CCF: Backup Activity Details |
9.9: Examine documented policies and procedures to verify they include: - Maintaining a list of devices. - Periodically inspecting devices to look for tampering or substitution. - Training personnel to be aware of suspicious behavior and to report tampering or suspicious activity. | Augment | N/A | N/A | N/A |
9.9.2.b: Interview responsible personnel and observe inspection processes to verify: - Personnel are aware of procedures for inspecting devices. - All devices are periodically inspected for evidence of tampering and substitution. | Augment | N/A | N/A | N/A |
10.1: Verify, through observation and interviewing the system administrator, that: - Audit trails are enabled and active for system components. - Access to system components is linked to individual users. | Direct | N/A | CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details | CCF: Priv Access Granted/Revoked Summary CCF: Priv Authentication Activity Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Priv Account Management Activity Details CCF: AIE Priv Access Granted/Revoked Details CCF: Priv Access Granted/Revoked Details CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail |
10.2: Through interviews of responsible personnel, observation of audit logs, and examination of audit log settings, perform the following: Examine audit log configurations and log data to verify that all individual user access to cardholder data is logged. | Direct | N/A | N/A | N/A |
10.2.1: Audit logs capture all individual user accesses to cardholder data | Direct | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details | CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
10.2.2: Verify all actions taken by any individual with root or administrative privileges are logged. | Direct | N/A | CCF: Configuration/Policy Change Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details | CCF: Access Granted/Revoked Activity Summary CCF: Account Management Activity Summary CCF: Configuration/Policy Change Summary CCF: Priv Authentication Activity Summary CCF: Priv Access Failure Summary CCF: Priv Access Granted/Revoked Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Access Granted/Revoked Activity Details CCF: AIE Access Granted/Revoked Details CCF: Account Management Activity Details CCF: Configuration/Policy Change Details CCF: Priv Access Granted/Revoked Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail |
10.2.3: Verify access to all audit trails is logged. | Augment | N/A | N/A | CCF: LogRhythm Usage Auditing Summary CCF: LogRhythm Usage Auditing by Date Details CCF: LogRhythm Usage Auditing by User Details |
10.2.4: Verify invalid logical access attempts are logged. | Direct | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
10.2.5.a: Verify use of identification and authentication mechanisms is logged. | Direct | N/A | CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details | CCF: Priv Access Granted/Revoked Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: User Priv Escalation (Windows) Summary CCF: Priv Authentication Activity Summary CCF: Priv Access Failure Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Priv Access Granted/Revoked Details CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail |
10.2.5.b: Verify all elevation of privileges is logged. | Direct | N/A | N/A | CCF: Priv Access Granted/Revoked Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: User Priv Escalation (Windows) Summary CCF: Priv Authentication Activity Summary CCF: Priv Access Failure Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Priv Access Granted/Revoked Details CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail |
10.2.5.c: Verify all changes, additions, or deletions to any account with root or administrative privileges are logged. | Direct | N/A | N/A | CCF: Priv Access Granted/Revoked Summary CCF: User Priv Escalation (SU & SUDO) Summary CCF: User Priv Escalation (Windows) Summary CCF: Priv Authentication Activity Summary CCF: Priv Access Failure Summary CCF: AIE Priv Access Granted/Revoked Summary CCF: Priv Account Management Activity Summary CCF: Priv Access Granted/Revoked Details CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail |
10.2.6: Verify the following are logged: - Initialization of audit logs. - Stopping or pausing of audit logs. | Augment | N/A | CCF: Audit Log Detail | CCF: Audit Log Summary CCF: Audit Log Details |
10.2.7: Verify creation and deletion of system level objects are logged. | Augment | CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule | CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail CCF: Object Disposal Failure Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: Object Creation/Disposal Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details CCF: Object Creation/Disposal Activity Details |
10.3: Through interviews and observation of audit logs, for each auditable event (from 10.2), perform the following: | Direct | N/A | N/A | N/A |
10.3.1: Verify user identification is included in log entries. | Direct | N/A | N/A | N/A |
10.3.2: Verify type of event is included in log entries. | Direct | N/A | N/A | N/A |
10.3.3: Verify date and time stamp is included in log entries. | Direct | N/A | N/A | N/A |
10.3.4: Verify success or failure indication is included in log entries. | Direct | N/A | N/A | N/A |
10.3.5: Verify origination of event is included in log entries. | Direct | N/A | N/A | N/A |
10.3.6: Verify identity or name of affected data, system component, or resources is included in log entries. | Direct | N/A | N/A | N/A |
10.4: Examine configuration standards and processes to verify that time-synchronization technology is implemented and kept current per PCI DSS Requirements 6.1 and 6.2. | Direct | N/A | N/A | N/A |
10.4.1.a: Examine the process for acquiring, distributing and storing the correct time within the organization to verify that: - Only the designated central time server(s) receives time signals from external sources, and time signals from external sources are based on industry-accepted standards. | Direct | N/A | CCF: Configuration/Policy Change Detail | CCF: Configuration/Policy Change Summary CCF: Configuration/Policy Change Details |
10.4.2.b: Examine system configurations, time synchronization settings and logs, and processes to verify that any changes to time settings on critical systems are logged, monitored, and reviewed. | Augment | N/A | N/A | CCF: Time Sync Errors Summary |
10.5: Audit log files are protected to prevent modifications by individuals. | Direct | N/A | N/A | N/A |
10.5.1: Only individuals who have a job-related need can view audit trail files. | Direct | N/A | N/A | N/A |
10.5.2: Current audit trail files are protected from unauthorized modifications via access control mechanisms, physical segregation, and/or network segregation. | Direct | N/A | N/A | N/A |
10.5.3: Current audit trail files are promptly backed up to a centralized log server or media that is difficult to alter. | Direct | N/A | N/A | N/A |
10.5.4: Verify that logs for external-facing technologies (for example, wireless, firewalls, DNS, mail) are offloaded or copied onto a secure centralized internal log server or media. | Direct | N/A | N/A | CCF: Log Volume Summary |
10.5.5: Examine system settings, monitored files, and results from monitoring activities to verify the use of file-integrity monitoring or change-detection software on logs. | Direct | CCF: FIM Modify Activity AIE Rule | CCF: FIM Activity Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details |
10.6.1.a: Examine security policies and procedures to verify that procedures are defined for reviewing the following at least daily, either manually or via log tools: - All security events. - Logs of all system components that store, process, or transmit CHD and/or SAD. | Augment | N/A | N/A | CCF: LogRhythm Usage Auditing Summary CCF: LogRhythm Usage Auditing by Date Details CCF: LogRhythm Usage Auditing by User Details |
10.6.1.b: Observe processes and interview personnel to verify that the following are reviewed at least daily: - All security events. - Logs of all system components that store, process, or transmit CHD and/or SAD. - Logs of all critical system components. - Logs of all servers and system components that perform security functions (for example, network security controls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers). | Augment | N/A | N/A | CCF: LogRhythm Usage Auditing Summary CCF: LogRhythm Usage Auditing by Date Details CCF: LogRhythm Usage Auditing by User Details |
10.6.2.a: Examine security policies and procedures to verify that procedures are defined for reviewing logs of all other system components periodically, either manually or via log tools, based on the organization’s policies and risk management strategy. | Augment | N/A | N/A | CCF: LogRhythm Usage Auditing Summary CCF: LogRhythm Usage Auditing by Date Details CCF: LogRhythm Usage Auditing by User Details |
10.7.b: Interview personnel and examine audit logs to verify that audit logs are retained for at least one year. | Direct | N/A | N/A | CCF: Log Volume Summary |
10.7.c: Interview personnel and observe processes to verify that at least the last three months’ logs are immediately available for analysis. | Direct | N/A | N/A | CCF: Log Volume Summary |
10.8.b: Examine detection and alerting processes and interview personnel to verify that processes are implemented for all critical security controls, and that failure of a critical security control results in the generation of an alert. | Direct | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
10.8.1.b: Examine records to verify that security control failures are documented to include: - Identification of cause(s) of the failure, including root cause. - Duration (date and time start and end) of the security failure. - Details of the remediation required to address the root cause. | Augment | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
11.1.b: Verify that the methodology is adequate to detect and identify any unauthorized wireless access points, including at least the following: - WLAN cards inserted into system components. - Portable or mobile devices attached to system components to create an authoritative list. | Augment | N/A | CCF: Rouge WAP Detail | CCF: Rogue WAP Summary CCF: Rogue WAP Detail |
11.1.d: If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to notify personnel. | Augment | N/A | CCF: Rouge WAP Detail | CCF: Rogue WAP Summary CCF: Rogue WAP Detail |
11.4.a: Examine system configurations and network diagrams to verify that techniques (such as intrusion-detection systems and/or intrusion-prevention systems) are in place to monitor all traffic: - At the perimeter of the cardholder data environment. - At critical points in the cardholder data environment. | Augment | N/A | CCF: Malware Detail CCF: Reconnaissance/Suspicious Detail CCF: Security Activity Detail CCF: Security Event Detail CCF: Signature Update Failure Detail | CCF: Security Event by Impacted App Summary CCF: Security Event by Impacted Host Summary CCF: Security Event by Log Source Ent Summary CCF: Security Event by Origin Host Summary CCF: Signature Update Activity Summary CCF: Top Attackers Summary CCF: Top Suspicious Users Summary CCF: Top Targeted Applications Summary CCF: Top Targeted Hosts Summary CCF: Security Event by Impacted App Details CCF: Security Event by Impacted Host Details CCF: Security Event by Log Source Ent Details CCF: Security Event by Origin Host Details CCF: Signature Update Activity Details |
11.4.b: Examine system configurations and interview responsible personnel to confirm intrusion-detection and/or intrusion-prevention techniques alert personnel of suspected compromises. | Augment | N/A | CCF: Malware Detail CCF: Reconnaissance/Suspicious Detail CCF: Security Activity Detail CCF: Security Event Detail CCF: Signature Update Failure Detail | CCF: Security Event by Impacted App Summary CCF: Security Event by Impacted Host Summary CCF: Security Event by Log Source Ent Summary CCF: Security Event by Origin Host Summary CCF: Signature Update Activity Summary CCF: Top Attackers Summary CCF: Top Suspicious Users Summary CCF: Top Targeted Applications Summary CCF: Top Targeted Hosts Summary CCF: Security Event by Impacted App Details CCF: Security Event by Impacted Host Details CCF: Security Event by Log Source Ent Details CCF: Security Event by Origin Host Details CCF: Signature Update Activity Details |
11.4.c: Examine IDS/IPS configurations and vendor documentation to verify intrusion-detection and/or intrusion-prevention techniques are configured, maintained, and updated per vendor instructions to ensure optimal protection. | Augment | N/A | CCF: Malware Detail CCF: Reconnaissance/Suspicious Detail CCF: Security Activity Detail CCF: Security Event Detail CCF: Signature Update Failure Detail | CCF: Security Event by Impacted App Summary CCF: Security Event by Impacted Host Summary CCF: Security Event by Log Source Ent Summary CCF: Security Event by Origin Host Summary CCF: Signature Update Activity Summary CCF: Top Attackers Summary CCF: Top Suspicious Users Summary CCF: Top Targeted Applications Summary CCF: Top Targeted Hosts Summary CCF: Security Event by Impacted App Details CCF: Security Event by Impacted Host Details CCF: Security Event by Log Source Ent Details CCF: Security Event by Origin Host Details CCF: Signature Update Activity Details |
11.5.a: Verify the use of a change-detection mechanism by observing system settings and monitored files, as well as reviewing results from monitoring activities. Examples of files that should be monitored: - System executables. - Application executables. - Configuration and parameter files. - Centrally stored, historical or archived, log and audit files. - Additional critical files determined by entity (for example, through risk assessment or other means). | Direct | CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule CCF: FIM Group Change Activity AIE Rule CCF: FIM Modify Activity AIE Rule CCF: FIM Owner Change Activity AIE Rule CCF: FIM Permission Activity AIE Rule | CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details |
11.5.b: Verify the mechanism is configured to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files, and to perform critical file comparisons at least weekly. | Direct | CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule CCF: FIM Group Change Activity AIE Rule CCF: FIM Modify Activity AIE Rule CCF: FIM Owner Change Activity AIE Rule CCF: FIM Permission Activity AIE Rule | CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details |
12.3.8.b: Examine configurations for remote access technologies to verify that remote access sessions will be automatically disconnected after a specific period of inactivity. | Augment | CCF: Remote Session Timeout AIE Rule | N/A | CCF: AIE Remote Session Timeout Summary CCF: Remote Session Timeout Activity Summary CCF: AIE Remote Session Timeout Details CCF: Remote Session Timeout Activity Details |
12.3.9: Verify that the usage policies require activation of remote-access technologies used by vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use. | Augment | CCF: Vendor Auth Activity AIE Rule | CCF: Vendor Access Detail CCF: Vendor Authentication Detail CCF: Vendor Account Enabled Detail | CCF: AIE Vendor Account Enabled Alert Summary CCF: AIE Vendor Authentication Summary CCF: Vendor Account Management Summary CCF: Vendor Authentication Summary CCF: Vendor Access Failure Summary CCF: Vendor Access Granted/Revoked Summary CCF: AIE Vendor Authentication Details CCF: Vendor Account Management Details CCF: Vendor Access Granted/Revoked Details CCF: Vendor Authentication Details CCF: Vendor Account Management Details CCF: Vendor Access Failure Detail |
12.10.5: Verify through observation and review of processes that monitoring and responding to alerts from security monitoring systems are covered in the incident response plan. | Augment | CCF: Backup Information AIE Rule CCF: FIM Information AIE Rule | CCF: Backup Failure Detail CCF: FIM Failure Detail CCF: Malware Detail CCF: Operations Exception Detail CCF: Rogue WAP Detail CCF: Security Activity Detail CCF: Security Event Detail CCF: Vulnerability Detail | CCF: AIE Backup Activity Summary CCF: AIE FIM Critical/Error/Info Summary CCF: Backup Activity Summary CCF: FIM Critical/Error/Information Summary CCF: Rogue WAP Summary CCF: Security Event by Impacted App Summary CCF: Security Event by Impacted Host Summary CCF: Security Event by Log Source Ent Summary CCF: Security Event by Origin Host Summary CCF: Top Attackers Summary CCF: Top Suspicious Users Summary CCF: Top Targeted Applications Summary CCF: Top Targeted Hosts Summary CCF: AIE Backup Activity Details CCF: FIM Activity Details CCF: AIE FIM Critical/Error/Info Details CCF: Backup Activity Details CCF: FIM Critical/Error/Information Details CCF: LogRhythm Alarm And Response Details CCF: Rogue WAP Detail CCF: Security Event by Impacted App Details CCF: Security Event by Impacted Host Details CCF: Security Event by Log Source Ent Details CCF: Security Event by Origin Host Details |
12.11.a: Examine policies and procedures to verify that processes are defined for reviewing and confirming that personnel are following security policies and operational procedures, and that reviews cover: - Daily log reviews. - Firewall rule-set reviews. - Applying configuration standards to new systems. - Responding to security alerts. - Change management processes. | Augment | CCF: Configuration Change Rule CCF: Policy Change Rule | CCF: Software Update Failure Detail CCF: Signature Update Failure Inv CCF: Patch Update Failure Inv CCF: Configuration Change Inv CCF: Policy Change Inv | CCF: Software Update Activity Summary CCF: Signature Update Failure Summary CCF: Patch Update Failure Summary CCF: Configuration Change Summary CCF: Policy Change Summary CCF: Software Update Activity Details CCF: Signature Update Failure Detail CCF: Patch Update Failure Detail CCF: Configuration Change Detail CCF: Policy Change Detail |
A1.1: If a shared hosting provider allows entities (for example, merchants or service providers) to run their own applications, verify these application processes run using the unique ID of the entity. For example: - No entity on the system can use a shared web server user ID. - All CGI scripts used by an entity must be created and run as the entity’s unique user ID. | Augment | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
A1.2.b: Verify each entity (merchant, service provider) has read, write, or execute permissions only for files and directories it owns or for necessary system files (restricted via file system permissions, access control lists, chroot, jailshell, etc.) An entity’s files may not be shared by group. | Augment | CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule CCF: FIM Group Change Activity AIE Rule CCF: FIM Modify Activity AIE Rule CCF: FIM Owner Change Activity AIE Rule CCF: FIM Permission Activity AIE Rule | CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details |
A1.2.c: Verify that an entity’s users do not have write access to shared system binaries. | Augment | CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule CCF: FIM Group Change Activity AIE Rule CCF: FIM Modify Activity AIE Rule CCF: FIM Owner Change Activity AIE Rule CCF: FIM Permission Activity AIE Rule | CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail | CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: AIE FIM Activity Details CCF: FIM Activity Details |
A1.3: Verify the shared hosting provider has enabled logging as follows, for each merchant and service provider environment: - Logs are enabled for common third-party applications. - Logs are active by default. - Logs are available for review by the owning entity. - Log locations are clearly communicated to the owning entity. | Augment | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
A2.1: For POS POI terminals (and the SSL/TLS termination points to which they connect) using SSL and/or early TLS: - Confirm the entity has documentation (for example, vendor documentation, system/network configuration details, etc.) that verifies the devices are not susceptible to any known exploits for SSL/early TLS. Or: - Complete A2.2 below. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
A2.2: Review the documented Risk Mitigation and Migration Plan to verify it includes: - Description of usage, including what data is being transmitted, types and number of systems that use and/or support SSL/early TLS, type of environment; - Risk-assessment results and risk-reduction controls in place; - Description of processes to monitor for new vulnerabilities associated with SSL/early TLS; - Description of change control processes that are implemented to ensure SSL/early TLS is not implemented into new environments; and - Overview of migration project plan including target migration completion date no later than June 30, 2018. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail |
A2.3: Examine system configurations and supporting documentation to verify the service provider offers a secure protocol option for their service. | Augment | CCF: TLS Activity CCF: SSL Activity | CCF: TLS/SSL Activity | CCF: TLS/SSL Summary CCF: Early TLS/SSL Version Summary CCF: Non-Encrypted Protocol Summary CCF: TLS/SSL Detail CCF: Early TLS/SSL Version Detail CCF: Non-Encrypted Protocol Details |
A3.1.1.c: Examine executive management and board of directors meeting minutes and/or presentations to ensure PCI DSS compliance initiatives and remediation activities are communicated at least annually. | Augment: Report Packages | | | |
A3.2.2.1: For a sample of systems and network changes, examine change records, interview personnel and observe the affected systems/networks to verify that applicable PCI DSS requirements were implemented and documentation updated as part of the change. | Augment: Use of Case Management for storing samples. General strategy applied to the following controls: - 6.4.3 - 6.4.4 - 6.4.6 - 8.3.1.b | | | |
A3.2.5.b: Examine results from recent data discovery efforts, and interview responsible personnel to verify that data discovery is performed at least quarterly and upon significant changes to the cardholder environment or processes. | Augment | CCF: Configuration Change Rule CCF: Policy Change Rule CCF: FIM Add Activity AIE Rule CCF: FIM Delete Activity AIE Rule CCF: FIM Group Change Activity AIE Rule CCF: FIM Modify Activity AIE Rule CCF: FIM Owner Change Activity AIE Rule CCF: FIM Permission Activity AIE Rule | CCF: Software Update Failure Detail CCF: Signature Update Failure Inv CCF: Patch Update Failure Inv CCF: Configuration Change Inv CCF: Policy Change Inv CCF: AIE FIM ADD/Delete/Mod Activity Detail CCF: AIE FIM Permission Change Detail CCF: FIM Activity Detail CCF: FIM ADD/Delete/Mod Activity Detail CCF: FIM Permission Change Detail | CCF: Software Update Activity Summary CCF: Signature Update Failure Summary CCF: Patch Update Failure Summary CCF: Configuration Change Summary CCF: Policy Change Summary CCF: AIE FIM Activity Summary CCF: FIM Activity Summary CCF: Software Update Activity Details CCF: Signature Update Failure Detail CCF: Patch Update Failure Detail CCF: Configuration Change Detail CCF: Policy Change Detail CCF: AIE FIM Activity Details CCF: FIM Activity Details |
A3.2.6.b: Examine audit logs and alerts, and interview responsible personnel to verify that alerts are investigated. | Augment: Case Management | N/A | N/A | N/A |
A3.3.1.a: Examine documented policies and procedures to verify that processes are defined to immediately detect and alert on critical security control failures. | Augment | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
A3.3.1.b: Examine detection and alerting processes and interview personnel to verify that processes are implemented for all critical security controls, and that failure of a critical security control results in the generation of an alert. Relates to 10.8 | Direct | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
A3.3.1.1.b: Examine records to verify that security control failures are documented to include: - Identification of cause(s) of the failure, including root cause. - Duration (date and time start and end) of the security failure. - Details of the remediation required to address the root cause. Relates to 10.8. | Augment: Case Management support. Relates to 10.8.1 | N/A | N/A | N/A |
A3.3.3.a: Examine policies and procedures to verify that processes are defined for reviewing and verifying BAU activities. Verify the procedures include: - Confirming that all BAU activities (e.g., A3.2.2, A3.2.6, and A3.3.1) are being performed. - Confirming that personnel are following security policies and operational procedures (for example, daily log reviews, firewall rule-set reviews, configuration standards for new systems, etc.) - Documenting how the reviews were completed, including how all BAU activities were verified as being in place. - Collecting documented evidence as required for the annual PCI DSS assessment. - Reviewing and sign-off of results by executive management assigned responsibility for PCI DSS governance. - Retaining records and documentation for at least 12 months, covering all BAU activities. | Augment: Case Management | N/A | N/A | N/A |
A3.3.3.b: Interview responsible personnel and examine records of reviews to verify that: - Reviews are performed by personnel assigned to the PCI DSS compliance program. - Reviews are performed at least quarterly. | Augment: Case Management provides the ability to verify that daily reporting is performed. | N/A | N/A | N/A |
A3.4.1: Interview responsible personnel and examine supporting documentation to verify that: - User accounts and access privileges are reviewed at least every six months. - Reviews confirm that access is appropriate based on job function, and that all access is authorized. | Augment | CCF: Personel Login Authentication Method Event CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Personel Login Authentication Method Inv CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
A3.5.1.a: Review documentation and interview personnel to verify a methodology is defined and implemented to identify attack patterns and undesirable behavior across systems in a timely manner, and includes the following: - Identification of anomalies or suspicious activity as it occurs. - Issuance of timely alerts to responsible personnel. - Response to alerts in accordance with documented response procedures. | Augment | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |
A3.5.1.b: Examine incident response procedures and interview responsible personnel to verify that: - On-call personnel receive timely alerts. - Alerts are responded to per documented response procedures. | Augment | CCF: Invalid Account Usage AIE Rule CCF: Database Authentication AIE Rule CCF: Vendor Auth Activity AIE Rule | CCF: Service Provider Failure and Critical Inv CCF: Authentication Failure Detail CCF: Access Failure Detail CCF: Vendor Authentication Detail CCF: Vendor Access Detail CCF: Database Authentication Detail CCF: Database Access Detail CCF: Priv Acct Auth Detail CCF: Priv Access Activity Details CCF: Audit Exception Detail | CCF: Service Provider Failure and Critical Summary CCF: Authentication Failure Summary CCF: Access Failure Summary CCF: Vendor Access Failure Summary CCF: Vendor Authentication Summary CCF: AIE Vendor Authentication Summary CCF: AIE Invalid Account Usage Summary CCF: Invalid Account Usage Summary CCF: Priv Authentication Activity Summary CCF: AIE Database Authentication Summary CCF: Database Authentication Activity Summary CCF: Database Access Failure Summary CCF: Service Provider Failure and Critical Detail CCF: Authentication Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Access Failure Detail (Do not include accounts on Priv or Vendor List or log source = DB; apply to critical environments) CCF: Vendor Authentication Details CCF: Vendor Access Failure Detail CCF: AIE Invalid Account Usage Detail CCF: Invalid Account Usage Detail CCF: Priv Authentication Activity Detail CCF: Priv Access Failure Detail CCF: Database Authentication Activity Detail CCF: Database Access Failure Detail |