Home
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Using checks and checklists
The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
Remediating configuration settings
The PCI DSS checklists support remediation. Console operators can resolve a vulnerability issue with a single action. A remediation action can only be taken on an endpoint where the Fixlet is relevant.

Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
  - Viewing check Fixlets from the HCL BigFix console
    A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.
  - Viewing checks from BigFix Compliance Analytics
    The compliance status of each PCI DSS check and checklist is calculated by BigFix Compliance Analytics during a periodic Extract Transform and Load (ETL) process.
  - Creating custom checklists
    Create custom copies of the PCI DSS content if you want to modify the checks based on a specific corporate policy. You can manually create a custom site to host the PCI DSS checklists or use the Create Custom Checklist wizard to create copies of the PCI DSS checklists and save them in a custom site.
  - Modifying check parameters
    In addition to monitoring compliance status and remediating settings that are out of compliance, you can also modify the values for the defined configuration settings according to company policies.
  - Remediating configuration settings
    The PCI DSS checklists support remediation. Console operators can resolve a vulnerability issue with a single action. A remediation action can only be taken on an endpoint where the Fixlet is relevant.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.

Remediating configuration settings

The PCI DSS checklists support remediation. Console operators can resolve a vulnerability issue with a single action. A remediation action can only be taken on an endpoint where the Fixlet is relevant.

About this task

You can audit, assess, and remediate configuration settings using Security and Compliance Analytics (SCA), which is now known as BigFix Compliance Analytics. For Fixlet checks that can be automatically remediated, an action is displayed in the relevant Fixlet. You can take a remediation action only on the relevant and selected endpoints.

Note: Not all Fixlets have a remediation action.

Note: When the external global policy is enabled, any changes to the local endpoint is overwritten. In such case, the remediation action must be run using the external global policy solution.

Procedure

From the Security Configuration Domain, go to All Security Configuration > Fixlets and Tasks.
Expand the sub-folders to search for the Fixlet you want to enable.
In the Fixlet window, click the Description tab and scroll down to the Actions box.
Click in the Actions box link to remediate the specified policy issue.
Figure 1. Check containing an action for remediation
Set your parameters in the Take Action dialog and click OK.