Home
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Using checks and checklists
The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
Viewing check Fixlets from the HCL BigFix console
A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.

Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Overview
  HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
- Setup
  Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
- Using checks and checklists
  The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
  - Viewing check Fixlets from the HCL BigFix console
    A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.
  - Viewing checks from BigFix Compliance Analytics
    The compliance status of each PCI DSS check and checklist is calculated by BigFix Compliance Analytics during a periodic Extract Transform and Load (ETL) process.
  - Creating custom checklists
    Create custom copies of the PCI DSS content if you want to modify the checks based on a specific corporate policy. You can manually create a custom site to host the PCI DSS checklists or use the Create Custom Checklist wizard to create copies of the PCI DSS checklists and save them in a custom site.
  - Modifying check parameters
    In addition to monitoring compliance status and remediating settings that are out of compliance, you can also modify the values for the defined configuration settings according to company policies.
  - Remediating configuration settings
    The PCI DSS checklists support remediation. Console operators can resolve a vulnerability issue with a single action. A remediation action can only be taken on an endpoint where the Fixlet is relevant.
- Understanding the results in BigFix Compliance Analytics
  Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
- Resources
  You can find more information about Security Configuration Management and PCI DSS in the following resources.

Viewing check Fixlets from the HCL BigFix console

A check Fixlet becomes relevant when a client computer is out of compliance with a configuration standard. By viewing the Configuration Management Fixlets, Console Operators can identify non-compliant computers and the corresponding standards.

Before you begin

Subscribe to the PCI DSS Fixlet sites to gain access to the check Fixlets.

About this task

Complete the following steps to view the check Fixlets in the HCL BigFix Console after subscribing and gathering the site content.

Procedure

From the Security Configuration domain, click All Security Configuration > Sites > External Sites.
Expand a checklist.
Click Fixlets and Tasks. The Fixlets and Tasks section opens.
Click one of the Fixlets displayed in the list.
The Fixlet opens with the following tabs: Description, Details, Applicable Computers, and Action History.
Click the Description tab to view the text that describes the Fixlet.
The Fixlet is applicable to a subset of endpoints on your network. The size of that subset is shown in the Applicable Computers tab.
A Fixlet typically has a description of the check appended with the rationale and guidelines of the actions for remediation. If the Fixlet is relevant, you must take an action listed in the Remediation section of the description to remediate the noncompliance. You can also access the associated analysis from the description.
Note: The Check ID refers to the Source ID of the Fixlet.
If you are using any of the checklists that contains Deploy and Run Task or Environment Setup Task, run the Environment Setup Task or Deploy and Run Task.

Note: Run the Environment Setup Task periodically to gather the latest results. For more information about this task, see Configuring endpoints.