Compliance Reports: Payment Card Industry (PCI)

The Payment Card Industry (PCI) Data Security Standard applies to all payment card industry members, merchants, and service providers that store, process, or transmit payment cardholder data. Additionally, these security requirements apply to all "system components" - any network component, server, or application included in, or connected to, the cardholder data environment.

Dependencies

The PCI compliance reports have the following dependencies.

  • SA Rules:

    Accounts Created

    Accounts Deleted

    Accounts Modified

    Admin Access to Compliance Systems Details

    Admin Access to Compliance Systems Summary

    Antivirus Signature Update

    Change in Audit Settings

    Encryption Failures

    Encryption Key Generation and Changes

    Failed Escalation of Privileges Details

    Firewall Configuration Changes

    Firmware Changes on Wireless Devices

    Group Management

    Inbound Network Traffic

    Logon Failures Details

    Logon Failures Summary

    Outbound Network Traffic

    Password Changes

    Router Configuration Changes

    Successful Escalation of Privileges Details

    System Clock Synchronization

    User Access Revoked

    User Access to Compliance Systems Details

    User Access to Compliance Systems Summary

    User Session Terminated Summary

  • SA Lists:

    Administrative Users

    Compliance Systems

  • App Rules:

    account:created

    account:deleted

    account:modified

    account:logon-success

    av:signature-update

    config:change-audit-setting

    encryption:failures

    encryption:key-gen-and-changes

    access:privilege-escalation-failure

    config:fw-config-changes

    config:firmware-config-changes

    account:group-management

    alm:inbound-network-traffic

    account:logon-failure

    alm:outbound-network-traffic

    account:password-change

    config:router-change

    access:privilege-escalation-success

    alm:system-clock-synch

    access:user-access-revoked

    account:logout


Citations

The PCI reports have the following citations.

  • Report Rule: Antivirus Signature Update
  • Citation Number: § 5.2
  • Citation Description: 5.2 Ensure that all antivirus mechanisms are current, actively running, and generating audit logs.

  • Report Rule: Access to Compliance Data - Detail
    Access to Compliance Data - Top 25
  • Citation Number: § 10.2.1
  • Citation Description: 10.2.1 All individual accesses to cardholder data.

  • Report Rule: Accounts Created
  • Citation Number: § 8.5
  • Citation Description: 8.5 Ensure proper user identification and authentication management for non-consumer users and administrators on all system components.

  • Report Rule: Accounts Deleted
  • Citation Number: § 8.5
  • Citation Description: 8.5 Ensure proper user identification and authentication management for non-consumer users and administrators on all system components.

  • Report Rule: Accounts Modified
  • Citation Number: § 8.5
  • Citation Description: 8.5 Ensure proper user identification and authentication management for non-consumer users and administrators on all system components.

  • Report Rule: Admin Access to Compliance Systems - Detail
  • Citation Number: § 10.2.2
  • Citation Description: 10.2.2 All actions taken by any individual with root or administrative privileges.

  • Report Rule: Admin Access to Compliance Systems - Top 25
  • Citation Number: § 10.2.2
  • Citation Description: 10.2.2 All actions taken by any individual with root or administrative privileges.

  • Report Rule: Change in Audit Settings
  • Citation Number: § 2.2.3
  • Citation Description: 2.2.3 Configure system security parameters to prevent misuse.

  • Report Rule: Encryption Failures
  • Citation Number: § 4
  • Citation Description: Requirement 4: Encrypt transmission of cardholder data across open, public networks.

  • Report Rule: Key Generation and Changes
  • Citation Number: § 4
  • Citation Description: Requirement 4: Encrypt transmission of cardholder data across open, public networks.

  • Report Rule: Escalation of Privileges - Detail
    Failed Escalation of Privileges - Top 25
  • Citation Number: § 7.1
  • Citation Description: 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access.

  • Report Rule: Firewall Configuration Changes
  • Citation Number: § 6.4
  • Citation Description: 6.4 Follow change control processes and procedures for all changes to system components.

  • Report Rule: Firmware Changes Wireless Devices
  • Citation Number: § 6.4
  • Citation Description: 6.4 Follow change control processes and procedures for all changes to system components.

  • Report Rule: Group Management
  • Citation Number: § 7.1
  • Citation Description: 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access.

  • Report Rule: Inbound Network Traffic - Top 25
  • Citation Number: § 1.2.1
  • Citation Description: 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.

  • Report Rule: Logon Failures - Detail
  • Citation Number: § 10.2.4
  • Citation Description: 10.2.4 Invalid logical access attempts.

  • Report Rule: Logon Failures - Top 25
  • Citation Number: § 10.2.4
  • Citation Description: 10.2.4 Invalid logical access attempts.

  • Report Rule: Outbound Network Traffic - Top 25
  • Citation Number: § 1.2.1
  • Citation Description: 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.

  • Report Rule: Password Changes - Detail
    Password Changes - Top 25
  • Citation Number: § 8.5
  • Citation Description: 8.5 Ensure proper user identification and authentication management for non-consumer users and administrators on all system components.

  • Report Rule: Router Configuration Changes
  • Citation Number: § 6.4
  • Citation Description: 6.4 Follow change control processes and procedures for all changes to system components.

  • Report Rule: System Clock Synchronization
  • Citation Number: § 10.4
  • Citation Description: 10.4 Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time.

  • Report Rule: User Access Revoked
  • Citation Number: § 8.5.4
  • Citation Description: 8.5.4 Immediately revoke access for any terminated users.

  • Report Rule: User Access to Compliance Systems - Detail
  • Citation Number: § 10.2.1
  • Citation Description: 10.2.1 Verify all individual access to cardholder data is logged.

  • Report Rule: User Access to Compliance Systems - Top 25
  • Citation Number: § 10.2.1
  • Citation Description: 10.2.1 Verify all individual access to cardholder data is logged.

  • Report Rule: Account Management
  • Citation Number: § 8.5
  • Citation Description: 8.5 Ensure proper user identification and authentication management for non-consumer users and administrators on all system components.

  • Report Rule: User Session Terminated - Top 25
  • Citation Number: § 8.5.15
  • Citation Description: 8.5.15 If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session.
