Home
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Setup
Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
Setting up the PCI DSS Policy Reports for BigFix Compliance Analytics V2.0 and later
BigFix Compliance Analytics version 2.0 provides PCI DSS Policy reports that contain aggregated data across checklists, which identifies the level of compliance for a specific PCI DSS requirement or milestone. To generate the policy reports, complete the required setup.
Disabling the PCI DSS Policy Reports
If for any reason you decide not to use the PCI DSS Policy reporting after completing the configuration, you can still disable the reporting with a few steps.

Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
  - Subscribing to the SCM reporting site
    To fully use the reporting functions in the BigFix Compliance Analytics, you must subscribe to the SCM reporting site.
  - Accessing the PCI DSS Fixlet sites
    Before you can access the security configuration checklists that are related to PCI DSS, you must acquire the sites and accept the license agreement. After you acquire the site, you must gather the contents of the site to your console. You must also subscribe your computers to the site so that they can access the PCI DSS content.
  - Configuring endpoints
    Some checklists require you to run the Environment Setup Task to populate the necessary properties on the endpoints to enable relevance evaluation. Run this task when it shows as relevant and refresh the results on the endpoint.
  - Setting up the PCI DSS Policy Reports for BigFix Compliance Analytics V2.0 and later
    BigFix Compliance Analytics version 2.0 provides PCI DSS Policy reports that contain aggregated data across checklists, which identifies the level of compliance for a specific PCI DSS requirement or milestone. To generate the policy reports, complete the required setup.
    - Disabling the PCI DSS Policy Reports
      If for any reason you decide not to use the PCI DSS Policy reporting after completing the configuration, you can still disable the reporting with a few steps.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.

Disabling the PCI DSS Policy Reports

If for any reason you decide not to use the PCI DSS Policy reporting after completing the configuration, you can still disable the reporting with a few steps.

About this task

To disable the generation of PCI DSS Policy Reports in BigFix Compliance Analytics V2.0.9, complete the following steps.

Procedure

Disable the PCI DSS Reporting site from the BigFix console.
Do the following steps:
1. Go to the Security Configuration domain.
2. Click All Security Configuration > Sites > External Sites, and then click the PCI DSS Reporting site to open it.
  
  Note: You can also open the PCI DSS Reporting site from the License Overview dashboard.
3. From the Work Area Tool bar, click Remove.
Run a data import from the BigFix Compliance Analytics console.
For more information, see Importing data to BigFix Compliance Analytics.