Setting up the PCI DSS Policy Reports for BigFix Compliance Analytics V2.0 and later

BigFix Compliance Analytics version 2.0 provides PCI DSS Policy reports that aggregate data across checklists to identify the level of compliance for a specific PCI DSS requirement or milestone. To generate the policy reports, complete the required setup.

About this task

You must configure both the BigFix console and BigFix Compliance Analytics to view the following PCI DSS Policy Reports:
  • PCI DSS Milestones View
  • PCI DSS Requirements View
  • PCI DSS Checklists

These reports retrieve compliance data results from custom sites, not from the external sites. To ensure a complete report of your deployment in the listed reports, configure custom sites for each PCI DSS external site containing the checks. This rule does not apply to the PCI DSS Reporting site.

Note: Endpoints that are subscribed to the PCI DSS external sites are shown in the SCM Checklists policy report. The configuration steps discussed in this section do not apply to the SCM Checklists policy report.

If there are several custom copies of a PCI DSS external site, an endpoint must be subscribed to only one instance of the custom site. For example, if PCI DSS Checklist for RHEL 5 has two custom sites named RHEL 6-Custom1 and RHEL 6-Custom2, you must subscribe each endpoint to either RHEL 6-Custom1 or RHEL 6-Custom2, but not to both at the same time. If the endpoints are subscribed to both custom sites, ETL will fail during import. A sample message for the failure is as follows:

Duplicate Check Result(s) detected, you have fixlets with the same scm-id that 
belong to two different sites (external and custom site), you need to unsubscribe 
from external site and re-run Import.
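
The subscription rule above can be checked before an import is run. The following is an added example, not part of the BigFix documentation or product: it audits a subscription inventory for endpoints that would trigger the duplicate check result failure, and for endpoints subscribed only to an external site. The inventory format, host names, and the Example-Custom site are constructed assumptions; how the inventory is exported from your deployment is outside its scope.

```python
from collections import defaultdict

# Constructed sample data (assumed format, not exported from a real deployment).
# Custom site -> the external PCI DSS checklist site it was copied from.
CUSTOM_SITE_ORIGIN = {
    "RHEL 6-Custom1": "PCI DSS Checklist for RHEL 5",
    "RHEL 6-Custom2": "PCI DSS Checklist for RHEL 5",
    "Example-Custom": "PCI DSS Checklist for Example OS",  # hypothetical site
}
# Endpoint -> sites it is subscribed to (host names are hypothetical).
SUBSCRIPTIONS = {
    "host-a": ["RHEL 6-Custom1"],
    "host-b": ["RHEL 6-Custom1", "RHEL 6-Custom2"],
    "host-c": ["PCI DSS Checklist for RHEL 5", "RHEL 6-Custom2"],
    "host-d": ["PCI DSS Checklist for RHEL 5"],
    "host-e": ["Example-Custom", "RHEL 6-Custom2"],
}

def audit_subscriptions(subscriptions, custom_site_origin):
    """Return (conflicts, unreported).

    conflicts:  {endpoint: {external_site: [subscribed sites sharing its checks]}}
                for endpoints that would report duplicate check results.
    unreported: {endpoint: [external_site]} for endpoints subscribed only to the
                external site, whose results the policy reports do not cover.
    """
    # External sites are inferred from the mapping, so only externals that
    # have at least one custom copy are recognised.
    externals = set(custom_site_origin.values())
    conflicts, unreported = {}, {}
    for endpoint, sites in subscriptions.items():
        by_origin = defaultdict(list)
        for site in sites:
            if site in custom_site_origin:
                by_origin[custom_site_origin[site]].append(site)
            elif site in externals:
                by_origin[site].append(site)
        for origin, members in by_origin.items():
            if len(members) > 1:
                conflicts.setdefault(endpoint, {})[origin] = sorted(members)
            elif members == [origin]:
                unreported.setdefault(endpoint, []).append(origin)
    return conflicts, unreported

if __name__ == "__main__":
    conflicts, unreported = audit_subscriptions(SUBSCRIPTIONS, CUSTOM_SITE_ORIGIN)
    for endpoint, groups in conflicts.items():
        print(f"CONFLICT   {endpoint}: {groups}")
    for endpoint, sites in unreported.items():
        print(f"UNREPORTED {endpoint}: {sites}")
```
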

Procedure

  1. From the BigFix console, create a custom site for each external PCI DSS checklist and subscribe endpoints to it.

    You can use the Create Custom Checklist dashboard from the SCM Reporting site to create custom copies of the checklists. For more information, see Creating custom checklists.

    Important: You can only use one custom copy of the PCI DSS external site. Do not subscribe the endpoints to the external sites because the results are not covered in the reporting.
  2. From the BigFix console, enable the PCI DSS Reporting site.
    1. Go to BigFix Management and click License Overview. The dashboard opens.
    2. Scroll down the dashboard to the Security and Compliance section and enable the PCI DSS Reporting site.
    3. Click PCI DSS Reporting from the navigation tree.

    The PCI DSS Reporting site contains the metadata file that is needed to create policies in BigFix Compliance Analytics version 2.0 and later. You do not need to set the computer subscriptions for this site.

  3. Configure the API connection from BigFix Compliance Analytics.
    For more information about creating a data source, see Adding a data source.