PCI-DSS Compliance Checklist
Meet Requirements with the WhatsUp Gold
Continuous Compliance Solution
PCI-DSS Requirement
WhatsUp Gold Solution
1.1.1 A formal process for approving and testing all external network connections and changes to the firewall and router configurations.
Solution: WhatsUp Gold Layer 2/3 discovery and mapping identifies all network connections to servers holding cardholder data, for both wired and wireless.
1.1.6 Review firewall and router rule sets at least every six months.
Solution: WhatsConfigured provides complete configuration management for your firewalls and routers, including:
- Automatic tracking of all configuration changes
- Real-time alerts on any configuration changes, misconfigurations and failures to comply with internal policies
- Reports comparing archived authorized configurations with the running configuration
1.1.2 Current network diagram with all connections to cardholder data, including any wireless networks.
Solution: WhatsUp Gold automatically generates a complete Layer 2/3 topology map of your entire infrastructure to show all connections to cardholder data. Layer 2/3 maps include:
- Physical port-to-port and IP connectivity
- At-a-glance maps for your wireless network
1.1.5 Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.
Solution: WhatsUp Gold automatically collects and documents comprehensive inventory information including:
- Bridge and switch port configurations
- A list of configured protocols on each network device
1.3.3 Do not allow any direct routes inbound or outbound for traffic between the Internet and the cardholder data environment.
Solution: WhatsUp Gold Layer 2/3 discovery and mapping validates that there is no direct connection between the Internet and any system in the cardholder data environment. Flow Monitor issues real-time alerts when a group of IP addresses in the cardholder data environment are in communication with the Internet.
2.1 Always change vendor-supplied defaults before installing a system on the network (for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts).
Solution: WhatsConfigured automatically schedules and executes password changes across one or more devices on your network.
2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.
Solution: WhatsConfigured automates the rollout of configuration changes across multiple devices when security vulnerabilities warrant it, through on-demand or scheduled management tasks.
5.1.1 Ensure that all antivirus programs are capable of detecting, removing, and protecting against all known types of malicious software.
Solution: WhatsUp Gold Layer 2/3 discovery and inventory generates a detailed report of all installed software and patch levels on network and server devices.
5.2 Ensure that all antivirus mechanisms are current, actively running, and capable of generating audit logs.
Solution: WhatsUp Gold validates that anti-virus software is running, and generates a report comparing system uptime vs. anti-virus uptime to identify any periods of exposure.
6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed. Install critical security patches within one month of release.
Solution: WhatsUp Gold automatically discovers all network devices, servers and applications across your network.
8.5.1 Control addition, deletion, and modification of user IDs, credentials, and other identifier objects.
Solution: The Log Management Suite continuously monitors Active Directory Windows events in real time and alerts when changes occur.
10.2 Implement automated audit trails for all system components to reconstruct the following events:
- 10.2.1 All individual user accesses to cardholder data
- 10.2.2 All actions taken by any individual with root or administrative privileges
- 10.2.3 Access to all audit trails
- 10.2.4 Invalid logical access attempts
- 10.2.5 Use of identification and authentication mechanisms
- 10.2.6 Initialization of the audit logs
- 10.2.7 Creation and deletion of system-level objects
Solution: The Log Management Suite automatically collects, archives and securely stores complete audit trails of all log data across your systems, including key events such as logon failures and object access attempts. WhatsUp Gold generates comprehensive inventory reports of all IT assets deployed, including vendor, model number, OS, patch level, modules, etc.
10.3 Record at least the following audit trail entries for all system components for each event:
- 10.3.1 User identification
- 10.3.2 Type of event
- 10.3.3 Date and time
- 10.3.4 Success or failure indication
- 10.3.5 Origination of event
- 10.3.6 Identity or name of affected data, system component, or resource
Solution: The Log Management Suite displays all log entries with type of event, date and timestamp, and more.
10.5.2 Protect audit trail files from unauthorized modifications.
10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter.
Solution: The Log Management Suite employs cryptographic hashing to protect the integrity of your archived log data by preventing tampering and modification.
10.5.5 Use file-integrity monitoring and change detection software on logs to ensure that existing log data cannot be changed without generating alerts.
Solution: The Log Management Suite provides real-time monitoring, reporting and alerting on Object Deletions, Object Access Attempts, etc.
11.5 Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files, and configure the software to perform critical file comparisons at least weekly.
Solution: The Log Management Suite automatically alerts on file, folder and object access or permission changes. WhatsConfigured automatically generates alerts on configuration file changes.
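The following is an added illustration, not code from this datasheet or from Ipswitch, of the hash-chaining idea behind 10.5.2 and 10.5.5: each archived log line is hashed together with the previous hash, so a later verification pass can pinpoint the first entry that was altered, deleted or truncated. The log lines are constructed samples.

```python
import hashlib
import hmac

# Constructed sample lines (not real data) of the kind a centralized
# log archive under PCI-DSS 10.5 would hold.
SAMPLE_LOG = [
    "2012-03-01T08:00:01Z host=pos1 event=4624 user=alice result=success",
    "2012-03-01T08:00:07Z host=pos1 event=4625 user=bob result=failure",
    "2012-03-01T08:01:15Z host=db1 event=4663 user=alice object=cardholder.db",
]

GENESIS = "0" * 64  # chain anchor for the first entry


def chain_hashes(lines, prev=GENESIS):
    """Return per-line chain hashes: h_i = SHA-256(h_{i-1} || line_i).

    Every hash commits to all earlier lines, so altering, removing or
    reordering any archived entry changes every hash after it.
    """
    hashes = []
    for line in lines:
        prev = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        hashes.append(prev)
    return hashes


def verify_chain(lines, hashes, prev=GENESIS):
    """Recompute the chain against the recorded hashes.

    Returns the index of the first entry that no longer matches, or -1
    if the archive is intact. A length mismatch (truncation, deletion or
    unrecorded appends) is reported at the point where the shorter side ends.
    """
    if len(lines) != len(hashes):
        return min(len(lines), len(hashes))
    for i, line in enumerate(lines):
        prev = hashlib.sha256((prev + "\n" + line).encode()).hexdigest()
        if not hmac.compare_digest(prev, hashes[i]):
            return i
    return -1


if __name__ == "__main__":
    recorded = chain_hashes(SAMPLE_LOG)
    print("intact archive:", verify_chain(SAMPLE_LOG, recorded))
    tampered = list(SAMPLE_LOG)
    tampered[1] = tampered[1].replace("result=failure", "result=success")
    print("edited entry at index:", verify_chain(tampered, recorded))
```

The chain only detects tampering if the recorded hashes (at least the latest one) are kept where the log writer cannot rewrite them, for example on the centralized log server of 10.5.3 or signed with a key the monitored host does not hold.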
10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
Solution: The Log Management Suite provides views and allows mining log data across all servers and workstations from one console without needing to spot-check log files for security events, since LMS pairs common security event identifiers with friendly descriptions.
10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).
Solution: The Log Management Suite provides multi-year log storage and archiving, keeping your log data for as long as the IT compliance regulation dictates.
For more information on WhatsUp Gold, please visit:
http://www.whatsupgold.com/products/whatsup-gold-core/
Try it free today for 30 days:
http://www.whatsupgold.com/products/download/
www.whatsupgold.com
Copyright 2012, Ipswitch, Inc. All rights reserved. WhatsUp is a registered trademark and Ipswitch is
a trademark of Ipswitch, Inc. Other products or company names are or may be trademarks or registered
trademarks and are the property of their respective holders.