Home
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Understanding the results in BigFix Compliance Analytics
Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
Viewing PCI DSS compliance results
This section shows how you can view the results of PCI DSS compliance at a checklist, checks, and check results levels.
Viewing custom reporting on BigFix Compliance Analytics V1.8 and earlier

Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
  - Starting BigFix Compliance Analytics
    Use any of the supported web browsers to open the web-based application.
  - Importing data to BigFix Compliance Analytics
    Depending on your configuration, the Extract Transform and Load (ETL) process that computes the compliance status of each check and checklist could take a long time. To ensure that you are viewing the latest reports, verify that the imports are configured to run automatically and that a recent import has completed successfully.
  - Viewing reports from BigFix Compliance Analytics
    BigFix Compliance Analytics displays reports that contain the compliance status of your deployment. Each PCI DSS checklist and its checks are exported periodically into Compliance Analytics.
  - Viewing PCI DSS compliance results
    This section shows how you can view the results of PCI DSS compliance at a checklist, checks, and check results levels.
    - Viewing reports on BigFix Compliance Analytics V2.0 and later
    - Viewing custom reporting on BigFix Compliance Analytics V1.8 and earlier
      - PCI DSS Requirements Reporting
        BigFix Compliance PCI Add-on provides additional reports to show a cumulative compliance state of your endpoints based on the PCI DSS Requirements.
      - PCI DSS Milestones Reporting
        BigFix Compliance PCI Add-on provides additional reports to show a cumulative compliance state of your endpoints based on the PCI DSS Milestones.
      - Saving customized reports
        Use the Saved Reports feature to retain a specific format for the report without creating the same settings for future use. The displayed columns and filters you used to customize the view are also saved.
  - Creating exceptions
    You can file for the endpoint to be excluded from the PCI DSS checks if some endpoints require compliance to older policies or standards.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.

Viewing custom reporting on BigFix Compliance Analytics V1.8 and earlier

Note: The PCI DSS Policy Reports are available only when you complete the steps described in Setting up custom reporting for BigFix Compliance Analytics V1.8 and earlier.

The concept of checklists in BigFix Compliance Analytics version 1.8 differs from previous versions. Previously, a checklist is equivalent to a BigFix site. However, with policy reporting being introduced in this version, a checklist can now be associated with a policy view.

A policy view is based on an approach to gain compliance for PCI DSS, such as PCI DSS requirement or PCI DSS milestone. For more information about policy views, see PCI DSS policies.

For simplicity, these checklists that are associated to policies will be referenced as Policy Checklists in this document.

Policy Checklists contain a collection of checks that run across multiple PCI DSS sites. These checklists provide a new way of reporting, which can help you better assess and identify the level of compliance in your organization.