Home
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Setup
Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
Accessing the PCI DSS Fixlet sites
Before you can access the security configuration checklists that are related to PCI DSS, you must acquire the sites and accept the license agreement. After you acquire the site, you must gather the contents of the site to your console. You must also subscribe your computers to the site so that they can access the PCI DSS content.

Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
  - Subscribing to the SCM reporting site
    To fully use the reporting functions in the BigFix Compliance Analytics, you must subscribe to the SCM reporting site.
  - Accessing the PCI DSS Fixlet sites
    Before you can access the security configuration checklists that are related to PCI DSS, you must acquire the sites and accept the license agreement. After you acquire the site, you must gather the contents of the site to your console. You must also subscribe your computers to the site so that they can access the PCI DSS content.
  - Configuring endpoints
    Some checklists require you to run the Environment Setup Task to populate the necessary properties on the endpoints to enable relevance evaluation. Run this task when it shows as relevant and refresh the results on the endpoint.
  - Setting up the PCI DSS Policy Reports for BigFix Compliance Analytics V2.0 and later
    BigFix Compliance Analytics version 2.0 provides PCI DSS Policy reports that contain aggregated data across checklists, which identifies the level of compliance for a specific PCI DSS requirement or milestone. To generate the policy reports, complete the required setup.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.

Accessing the PCI DSS Fixlet sites

Before you can access the security configuration checklists that are related to PCI DSS, you must acquire the sites and accept the license agreement. After you acquire the site, you must gather the contents of the site to your console. You must also subscribe your computers to the site so that they can access the PCI DSS content.

Before you begin

If you have enabled any of the PCI DSS beta sites in your environment, you must first remove them to avoid any conflicting issues with the production sites. If you fail to do so, the content in the production sites will fail.

About this task

You can access the PCI DSS sites only if you have a valid license for the HCL BigFix Compliance PCI Add-on component. For details about getting a license, contact HCL Software Support.

The procedure for acquiring the PCI DSS sites and gathering the contents of the site is similar to the procedure for other BigFix applications and sites. You can subscribe to a PCI DSS site by using the License Overview Dashboard from the BigFix Management domain only if you have purchased the license.

Procedure

From the BigFix console, go to the BigFix Management domain and click License Overview.
Scroll down to the PCI DSS Security and Compliance section of the License Overview dashboard.

Note: The PCI DSS Security and Compliance section will only be visible if you have purchased the license.
Click Enable beside the PCI DSS sites that you want to your computers to subscribe to.
The site is added as an external site in the HCL BigFix Console. It typically takes a few minutes for the contents to become available on your system.
Figure 1. License Overview dashboard
Go to the Security Configuration domain.
Click All Security Configuration > Sites > External Sites, and then click the added site.
Click the Computer Subscriptions tab to subscribe the computers to a site.

Note: Limit the access to the site to only the computers that you want to be able to use the PCI DSS checklists.