PCI DSS checklists
SCM is organized through checklists that assess and manage the endpoint and server configurations. Each compliance checklist is distributed by BigFix as an external Fixlet site.
SCM provides a large number of checklists to report compliance and remediate endpoint security configurations based on industry best practices, such as Center of Internet Security (CIS) and Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG). HCL BigFix Compliance also provides security configuration checklists for Payment Card Industry Data Security Standard (PCI DSS) compliance.
Each PCI DSS checklist targets a specific type of operating system or middleware, and is composed of a collection of checks that get evaluated on the endpoints.
| Checklist Name | Supported Operating Systems and Servers |
|---|---|
| PCI DSS Checklist for AIX 6 | AIX 6.1 |
| PCI DSS Checklist for AIX 7 | AIX V7.1, V7.2 |
| PCI DSS Checklist for MS IIS 7 | Microsoft IIS 7 |
| PCI DSS Checklist for MS SQL 2008 | Microsoft SQL Server 2008 |
| PCI DSS Checklist for MS SQL 2012 | Microsoft SQL Server 2012 |
| PCI DSS Checklist for RHEL 5 | Red Hat Enterprise Linux 5 |
| PCI DSS Checklist for RHEL 6, CentOS 6 Note: If this site is not enabled, it
is displayed in the License Overview dashboard as PCI DSS Checklist for RHEL 6, CentOS 6. Otherwise,
it is listed as PCI DSS Checklist for RHEL 6, but supports both RHEL 6 and CentOS 6. |
Red Hat Enterprise Linux 6 CentOS 6 |
| PCI DSS Checklist for RHEL 7, CentOS 7 Note: If this site is not enabled, it is
displayed in the License Overview dashboard as PCI DSS Checklist for RHEL 7, CentOS 7. Otherwise, it
is listed as PCI DSS Checklist for RHEL 7, but supports both RHEL 7 and CentOS 7. |
Red Hat Enterprise Linux 7 CentOS 7 |
| PCI DSS Checklist for Solaris 10 | Solaris 10 |
| PCI DSS Checklist for Solaris 11 | Solaris 11 |
| PCI DSS Checklist for Windows 7 | Microsoft Windows 7 |
| PCI DSS Checklist for Windows 10 | Microsoft Windows 10 Enterprise (V10.0.10586 and V10.0.14393) |
| PCI DSS Checklist for Windows 2008 |
Microsoft Windows Server2008 |
| PCI DSS Checklist for Windows 2012 |
Microsoft Windows Server2012 |
| PCI DSS Checklist for Windows 2016 | Microsoft Windows Server 2016 |
| PCI DSS Checklist for Windows Embedded Standard 7 | Microsoft Windows Embedded Standard 7 |
| PCI DSS Checklist for Windows Embedded POSReady 7 | Microsoft Windows Embedded POSReady 7 |
| PCI DSS Checklist for Windows Embedded POSReady 2009 | Microsoft Windows Embedded POSReady 2009 |
PCI DSS checklist content
You can access a checklist by subscribing to the external Fixlet sites that are provided by SCM. A single site can contain checks for multiple requirements.
Each site contains a set of Fixlets and Analyses, where Fixlets or checks correspond to a specific configuration setting in accordance with the PCI DSS requirements. A Fixlet evaluates a system setting against a specific policy value and displays the compliance state of an endpoint. An analysis is associated to each Fixlet that retrieves the actual state of each configuration item on an endpoint.
Most of the Fixlets have a parameterized setting to enable customization for compliance evaluation.
Each Fixlet contains instructions on how to manually remediate a non-compliant endpoint. These steps can be found in the Description tab. Some of these Fixlets provide actions that you can take to automatically remediate non-compliant settings on endpoints. For more information about remediation support, see the PCI DSS Release Notes.
The compliance status of each PCI DSS check and checklist is calculated by Security and Compliance Analytics (SCA), which is now known as BigFix Compliance Analytics, during a periodic Extract Transform and Load (ETL) process. Some checklists require you to run the Environment Setup Task. For more information, see Configuring endpoints.