Qualys Scanning for PCI Devices University of Minnesota

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Qualys Scanning for PCI Devices University of Minnesota"

Transcription

1 Qualys is the vulnerability scanner that will be used to map and scan devices that are involved in credit card processing to meet the PCI-DSS quarterly internal scan and map requirement. This document provides background and responsibilities for how QualysGuard scanning, mapping and ticket remediation tracking will be used at the University of Minnesota by departments for servers and devices involved in credit card processing. Qualys maintains more extensive documentation of the product under Help on the QualysGuard Enterprise Suite menu bar. Scanner Responsibilities Follow the naming convention for Asset Groups (see Naming Conventions section). Create and maintain the list of IP addresses that should be included in the PCI list of devices that are on the University network. Include servers, desktops, printers, and other devices that are involved in credit card processing in your PCI-devices Asset Group. Discovery map your PCI subnet ranges (PCI-hostips Asset Group) at least monthly. Review the Map reports for unknown devices. Recommend scheduling daily maps. Scan all IP addresses in the PCI-devices Asset Group at least monthly. Recommend scheduling weekly scans when the devices are expected to be on-line using the PCI-hostips Asset Group. Review the scan results. o Fix and mitigate the high severity vulnerabilities flagged as PCI Failed within 30 days. Rerun the scan. o The list of hosts that were not alive during the scan is listed in the Appendix of the scan results. Schedule a follow up scan for when these devices will be powered on. Update your remediation plan/ mitigation strategy at least monthly for the open tickets created for high severity vulnerabilities. Use the Qualys Ticket Remediation to document proposed or approved remediation steps. Run PCI FAIL+Confirmed 4-5 Technical Report- Select Asset Group or IP at least monthly to verify that all high severity vulnerabilities for PCI devices have been mitigated or resolved. Run the PCI Scan Report for Internal Scan report quarterly for all devices involved in credit card processing. For more information, see the section For the Quarterly Report. For the Quarterly Report: Compare the lists of host scanned for the current quarter to your unit s inventory list of hosts involved in credit card processing. All devices in your unit s inventory list must be scanned quarterly. Verify that the Reporting Asset Group PCI.COLLEGE.DEPT-Devices IP list has an entry (IP address) for each device that is involved in credit card processing Page 1 of 13

2 Verify that all hosts have a scan for the current quarter. Use the Asset Search feature for Asset Group PCI.COLLEGE.DEPT-Devices. Review the last scan date column. Verify that all PCI high severity vulnerabilities have been mitigated. Use the PCI FAIL+Confirmed 4-5 Technical Report- Select Asset Group or IP report. Run and save a copy (outside of Qualys) of the PCI Scan Report for Internal Scan to document your unit s internal scan PCI compliance. Provide a copy to the Merchant Manager and University PCI Compliance office Naming Conventions Reporting Asset Groups: o PCI.COLLEGE.DEPT-Devices Map & Scan Asset Groups: o COLLEGE.DEPT.PCI-hostips Other asset groups should begin with: o COLLEGE.DEPT Vulnerabilities Qualys uses 3 categories for classifying vulnerabilities (confirmed, potential and information). Within the category, there are 5 levels for vulnerabilities. o Confirmed (red) Security weaknesses verified by an active test o Potential (yellow) Security weaknesses that need manual verification o Information (blue) Configuration data High Severity Vulnerabilities for PCI o Required: Fix vulnerabilities with PCI FAIL status - must have the high severity mitigated (i.e., patching/configuration, other compensating control or documented as a false positive) for reporting. o Hosts involved in credit card processing must mitigate the risk for all vulnerabilities that appear on the PCI reports. o Documentation of the mitigation plan or compensating controls for high severity vulnerabilities must be in the Qualys Ticket Remediation. Tickets for unmitigated vulnerabilities need to be documented within 30 days of scan. o For false positives, send documentation supporting your request to have it reviewed as a false positive to with subject PCI Internal Scan False Positive Request. Include the Qualys Ticket Remediation # and the IP address of the host. University Information Security group will review your request and respond. Priorities for Other Vulnerabilities o Recommended: Review Potential 4 & 5 (yellow) and fix, if applicable o Recommended: Review Confirmed 1, 2 & 3 (red) and fix, if applicable o Recommended: Review & assess the risk with the other vulnerabilities and fix if applicable Page 2 of 13

3 Additional information on Set Up, Scans, Maps, Ticket Remediation & Reports Asset Groups (See Asset Group Image) Go to Assets > Asset Groups Create a new group from the New menu or edit an existing group from the Quick Actions menu. Use the workflow to manage the asset group and click Save. o Follow the naming conventions for Asset Groups. o IPs, list all the IP addresses or IP ranges to be included in the Asset Group. o Domain, select None domain. o Scanner Appliances, select all listed. o Business/CVSS Information: o information on this tab is optional Scans (See Scan Asset Group, Scan Host and Scheduled Scan images) Go to Scans and choose New > Scan Enter scan details and click Launch. For scheduled scans, Go to Scans > Schedules and choose New > Schedule Scan Enter task details and click Save. o There are multiple scan policies and options for scheduling scans. Here are the basics. Schedule scan or scan immediately Option Profile: U of M Initial Options (default) Scanner Appliance: All Scanners in Asset Group; Select an internal scan appliance when listing IP addresses or ranges. If not scanning an asset group, the external scanner is used instead of internal. Scan by Asset Group, Select IPs or IP Range o When the scan is completed, review the scan report and mitigate the vulnerabilities identified. Scan Reports Quarterly- PCI Scan Report for Internal Scan Go to Reports. Then go to New > Scan Report > PCI Scan Template Type in title for the report Use the pull down on Template Based to select the report format (e.g., PCI Scan Report for Internal Scan) Select Report output format (e.g, PDF) Type in the Asset Group name or use the Select feature to search and select the asset group Page 3 of 13

4 Ad-Hoc Go to Reports. Then go to New > Scan Report > Template Based o There are multiple report formats available (see Report Templates section). Here are the basics. Type in title for the report Use the pull down on Template Based to select the report format (e.g., PCI+Confirmed 4-5 Technical Report- Select Asset Group or IP) Select Report output format (e.g, PDF, csv, etc) Type in the Asset Group name or use the Select feature to search and select the asset group Ticket Remediation Go to Remediation > Tickets Select Edit from the Quick Actions menu for a single ticket in the list. Or select multiple tickets in the list and select Edit from the Actions menu. o The main remediation policy will create tickets for all confirmed 4 & 5 or PCI related vulnerabilities for the IP s in PCI-Devices Asset Group. Tickets will be assigned to the user running the scan. Deadline date for determining overdue tickets will be 30 days Page 4 of 13

5 Report Templates o PCI FAIL+Confirmed 4-5 Technical Report- Select Asset Group or IP Results as of the last scan Includes PCI FAIL status for each vulnerability (PCI org. determines which vulnerabilities to include in this report) or confirmed vulnerabilities at levels 4 & 5 Details on how to fix o PCI Scan Report for Internal Scan Results as of the last scan Includes PCI PASS and FAIL status for each vulnerability (PCI org. determines which vulnerabilities to include in this report). Details on how to fix o PCI Scan Report- Select Scan Results Use to run a PCI scan report for a prior period or a specific scan Results from a specific scan (includes option to include a specific IP) Includes PCI PASS and FAIL status for each vulnerability (PCI org. determines which vulnerabilities to include in this report). Details on how to fix o Technical Report- Select Asset Group or IP Results as of the last scan Includes all vulnerabilities (confirmed, potential, info.) at all levels (1-5) Details on how to fix Very large report o Technical Report-Select Scan Results Results from a specific scan (includes option to include a specific IP) Includes all vulnerabilities (confirmed, potential, info.) at all levels (1-5) Details on how to fix Very large report o UMN-Summary Report Results as of the last scan Includes all vulnerabilities (confirmed, potential, info) at all levels (1-5) No detail on how to fix Page 5 of 13

6 Maps (See Map Asset Group, Scheduled Map and Unknown Devices Report images) Go to Scans > Maps and choose New > Map Enter map details and click Launch. o Similar to nmap o There are multiple discovery map policies and options for scheduling maps. Here are the basics. Schedule a map or launch a map immediately Option Profile: University of Minnesota Initial Options (default) Scanner Appliance: Internal scan appliance Map by Asset Group, Select IPs or IP Range o When the map is completed, review the map report for anomalies. o To identify changes to the list of hosts that are on the network, use the Map Report-Unknown Devices Template. Go to Reports. Then go to New > Map Report > Template Based. Select Unknown Devices Report for Report Template Type in title for the report Select Report output format (e.g, PDF, csv, etc) Select the Map results to compare On the report, the status column will report if an IP address has been Added or Removed when comparing the 2 map results. If an IP address appears on both map results, the status is Active Page 6 of 13

7 Images Asset Group Go to Assets > Asset Groups Create a new group from the New menu or edit an existing group from the Quick Actions menu. Use the workflow to manage the asset group and click Save Page 7 of 13

8 Scan Asset Group Go to Scans and choose New > Scan Enter scan details and click Launch. Scan Host Page 8 of 13

9 Scheduled Scan Go to Scans > Schedules and choose New > Schedule Scan Enter task details and click Save. Scheduling workflow tab Page 9 of 13

10 Map an Asset Group Go to Scans > Maps and choose New > Map Enter map details and click Launch Page 10 of 13

11 Scheduled Map Go to Scans > Schedules and choose New > Schedule Map Enter task details and click Save. Target Domains workflow tab Page 11 of 13

12 Scheduling workflow tab Page 12 of 13

13 Unknown Devices Report Page 13 of 13

Qualys Scanning University of Minnesota

Qualys Scanning University of Minnesota Qualys is a vulnerability scanner that is used for critical servers and servers subject to compliance reporting. This scanner is not generally to be used for desktop or laptop scanning. OIT has purchased

More information

PCI Compliance. Network Scanning. Getting Started Guide

PCI Compliance. Network Scanning. Getting Started Guide PCI Compliance Getting Started Guide Qualys PCI provides businesses, merchants and online service providers with the easiest, most cost effective and highly automated way to achieve compliance with the

More information

Managing Qualys Scanners

Managing Qualys Scanners Q1 Labs Help Build 7.0 Maintenance Release 3 documentation@q1labs.com Managing Qualys Scanners Managing Qualys Scanners A QualysGuard vulnerability scanner runs on a remote web server. QRadar must access

More information

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9) Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning

More information

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...

More information

GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3. May 1, 2008

GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3. May 1, 2008 GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3 May 1, 2008 Copyright 2006-2008 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys,

More information

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015 QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 Managed Service Solutions Catalogue MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 1 MANAGED SERVICES SOLUTIONS CATALOGUE Managed Services Solutions Catalogue Managed Service Solutions

More information

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE .trust TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE 2007 Table of Contents Introducing Trustwave Vulnerability Management 3 1 Logging In and Accessing Scans 4 1.1 Portal Navigation and Utility Functions...

More information

Security and Compliance Suite

Security and Compliance Suite Security and Compliance Suite Quick Tour The Qualys user interface is easy-to-use with powerful Web 2.0 capabilities featuring interactive dashboards, actionable menus and workflows, context-based interactions

More information

QualysGuard Asset Management

QualysGuard Asset Management QualysGuard Asset Management Quick Start Guide January 28, 2014 Dynamic Asset Tagging provides a flexible and scalable way to automatically discover and organize the assets in your environment and make

More information

Qualys PC/SCAP Auditor

Qualys PC/SCAP Auditor Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS

More information

Security and Compliance Suite Evaluator s Guide. August 11, 2015

Security and Compliance Suite Evaluator s Guide. August 11, 2015 Security and Compliance Suite Evaluator s Guide August 11, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide AlienVault Unified Security Management (USM) 5.2 Vulnerability Assessment Guide USM 5.2 Vulnerability Assessment Guide, rev 1 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

Online Compliance Program for PCI

Online Compliance Program for PCI Appendix F Online Compliance Program for PCI Service Description for PCI Compliance Monitors 1. General Introduction... 3 2. Online Compliance Program... 4 2.1 Introduction... 4 2.2 Portal Access... 4

More information

rating of 5 out 5 stars

rating of 5 out 5 stars SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security

More information

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014 QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER SAQ FAQ S Q: Should I complete the PCI Wizard or should I go straight to the PCI Forms? A: The PCI Wizard has been designed to simplify the self-assessment requirement

More information

CLOCKWORK Training Manual and Reference: Inventory. TechnoPro Computer Solutions, Inc.

CLOCKWORK Training Manual and Reference: Inventory. TechnoPro Computer Solutions, Inc. CLOCKWORK Training Manual and Reference: Inventory TechnoPro Computer Solutions, Inc. Table of Contents Inventory Learning Objectives License Key 5 Create a Catalog 6 Assign Permissions 9 Categories and

More information

Assets, Groups & Networks

Assets, Groups & Networks Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

Tenable for CyberArk

Tenable for CyberArk HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments

More information

OCCS Procedure. Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011

OCCS Procedure. Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011 OCCS Procedure Title: Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011 Purpose The purpose of this procedure is to define the management and controls

More information

Monitoring Inventory. Inventory Management. This chapter includes the following sections:

Monitoring Inventory. Inventory Management. This chapter includes the following sections: This chapter includes the following sections: Inventory Management, page 1 Overview to Global Logical Resources, page 2 Configuring Inventory Data Collection Schedule, page 3 Viewing Inventory Details,

More information

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Windows Firewall Configuration with Group Policy for SyAM System Client Installation with Group Policy for SyAM System Client Installation SyAM System Client can be deployed to systems on your network using SyAM Management Utilities. If Windows Firewall is enabled on target systems, it

More information

Elastic Detector on Amazon Web Services (AWS) User Guide v5

Elastic Detector on Amazon Web Services (AWS) User Guide v5 Elastic Detector on Amazon Web Services (AWS) User Guide v5 This guide is intended for Elastic Detector users on AWS. Elastic Detector is available as SaaS or deployed as a virtual appliance through an

More information

SecureGRC TM - Cloud based SaaS

SecureGRC TM - Cloud based SaaS - Cloud based SaaS Single repository for regulations and standards Centralized repository for compliance related organizational data Electronic workflow to speed up communications between various entries

More information

G-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

G-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS G-Cloud Pricing Atos infrastructure Vulnerability Scanning (Outpost24) SaaS Contents 1. Introduction... 1 2. Pricing... 2 2.1 External Network Scan... 2 2.2 PCI DSS Approved Scanner Vendor (ASV) Scan...

More information

Sample Vulnerability Management Policy

Sample Vulnerability Management Policy Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director

More information

For paid computer support call 604-518-6695 http://www.netdigix.com contact@netdigix.com

For paid computer support call 604-518-6695 http://www.netdigix.com contact@netdigix.com Setting up your vpn connection on windows 2000 or XP in continuation from installing x.509 certificate on windows (please do not continue if you have not installed your x.509 certificate): Instructions

More information

Knowledge based authentication (KBA)

Knowledge based authentication (KBA) Knowledge based authentication (KBA) Overview Knowledge based authentication (KBA) is an advanced identity validation method to authenticate a signer by asking random questions selected from public and

More information

Network Detective. Network Detective Inspector. 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D

Network Detective. Network Detective Inspector. 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D Network Detective 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D Contents Overview... 3 Components of the Inspector... 3 Inspector Appliance... 3 Inspector Diagnostic Tool... 3 Network

More information

Network Detective. PCI Compliance Module Using the PCI Module Without Inspector. 2015 RapidFire Tools, Inc. All rights reserved.

Network Detective. PCI Compliance Module Using the PCI Module Without Inspector. 2015 RapidFire Tools, Inc. All rights reserved. Network Detective PCI Compliance Module Using the PCI Module Without Inspector 2015 RapidFire Tools, Inc. All rights reserved. V20150819 Ver 5T Contents Purpose of this Guide... 4 About Network Detective

More information

Vulnerability Management Policy

Vulnerability Management Policy April 13th, 2015 1.0 SUMMARY Vulnerability management is the processes and technologies that an organization utilizes to identify, assess, and remediate information technology (IT) vulnerabilities, weaknesses,

More information

Vulnerability Scan Results in XML

Vulnerability Scan Results in XML Vulnerability Scan Results in XML Vulnerability scan results may be downloaded in XML format from the scan history list. The vulnerability scan results in XML format contains the same content as the vulnerability

More information

Scanner Networking. User s Guide. Microtek Scanner Server (MSS) utility. Note: ScanWizard Pro's scanner networking

Scanner Networking. User s Guide. Microtek Scanner Server (MSS) utility. Note: ScanWizard Pro's scanner networking Scanner Networking User s Guide This document explains how the scanner network function in ScanWizard Pro allows you to share and unshare scanners for public use, as well as how to access remote and local

More information

Advanced Event Viewer Manual

Advanced Event Viewer Manual Advanced Event Viewer Manual Document version: 2.2944.01 Download Advanced Event Viewer at: http://www.advancedeventviewer.com Page 1 Introduction Advanced Event Viewer is an award winning application

More information

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance

More information

AUTOMATING THE 20 CRITICAL SECURITY CONTROLS

AUTOMATING THE 20 CRITICAL SECURITY CONTROLS AUTOMATING THE 20 CRITICAL SECURITY CONTROLS Wolfgang Kandek, CTO Qualys Session ID: Session Classification: SPO-T07 Intermediate 2012 the Year of Data Breaches 2013 continued in a similar Way Background

More information

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security

More information

Virtual Office Remote Installation Guide

Virtual Office Remote Installation Guide Virtual Office Remote Installation Guide Table of Contents VIRTUAL OFFICE REMOTE INSTALLATION GUIDE... 3 UNIVERSAL PRINTER CONFIGURATION INSTRUCTIONS... 12 CHANGING DEFAULT PRINTERS ON LOCAL SYSTEM...

More information

Delivering IT Security and Compliance as a Service

Delivering IT Security and Compliance as a Service Delivering IT Security and Compliance as a Service Matthew Clancy Technical Account Manager Qualys, Inc. www.qualys.com Agenda Technology Overview The Problem: Delivering IT Security & Compliance Key differentiator:

More information

AlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard

AlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard AlienVault Unified Security Management (USM) 5.1 Running the Getting Started Wizard USM v5.1 Running the Getting Started Wizard, rev. 2 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault

More information

Digital Signatures with Nitro Pro and CoSign

Digital Signatures with Nitro Pro and CoSign Digital Signatures with Nitro Pro and CoSign 2 Contents Introduction... 2 Supported File Types... 2 Digitally Signing PDF files with CoSign... 3 Configure CoSign Client... 3 Signing a PDF Document... 5

More information

Google Drive. Administrator's Guide

Google Drive. Administrator's Guide Google Drive Administrator's Guide November 2015 www.lexmark.com Contents 2 Contents Overview... 3 Configuring the application...4 Acquiring a Google account... 4 Accessing the configuration page for the

More information

FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide

FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide Version 1.0 May 27, 2015 JAB P-ATO Vulnerability Scan Requirements Guide Page 1 Revision History Date Version Page(s) Description Author May 27,

More information

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure. Payment Card Industry Security Standards Over the past years, a series of new rules and regulations regarding consumer safety and identify theft have been enacted by both the government and the PCI Security

More information

MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014

MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 COMPLIANCE SCHEDULE REQUIREMENT PERIOD DESCRIPTION REQUIREMENT PERIOD DESCRIPTION 8.5.6 As Needed 11.1 Monthly 1.3 Quarterly 1.1.6 Semi-Annually

More information

Offline Scanner Appliance

Offline Scanner Appliance Offline Scanner Appliance User Guide March 27, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other

More information

Novell ZENworks Asset Management

Novell ZENworks Asset Management Novell ZENworks Asset Management Administrative Best Practices and Troubleshooting www.novell.com APRIL 19, 2005 2 GETTING THE MOST OUT OF NOVELL ZENWORKS ASSET MANAGEMENT The award-winning asset tracking

More information

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information

More information

WPI Grant & Finance Reports using Argos To access the WPI Financial Reporting Menu, log into Banner Web Self Service at: bannerweb.wpi.

WPI Grant & Finance Reports using Argos To access the WPI Financial Reporting Menu, log into Banner Web Self Service at: bannerweb.wpi. WPI Grant & Finance Reports using Argos To access the WPI Financial Reporting Menu, log into Banner Web Self Service at: bannerweb.wpi.edu Attention: If you use a Mac instead of a PC, you must connect

More information

How to Get from Scans to a Vulnerability Management Program

How to Get from Scans to a Vulnerability Management Program How to Get from Scans to a Vulnerability Management Program Gary McCully Any views or opinions presented are solely those of the author and do not necessarily represent those of SecureState LLC. Synopsis

More information

User s Guide. Skybox Risk Control 7.0.0. Revision: 11

User s Guide. Skybox Risk Control 7.0.0. Revision: 11 User s Guide Skybox Risk Control 7.0.0 Revision: 11 Copyright 2002-2014 Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox Security and is

More information

PubMed My NCBI: Saving Searches & Creating Email Alerts

PubMed My NCBI: Saving Searches & Creating Email Alerts PubMed My NCBI: Saving Searches & Creating Email Alerts My NCBI feature of PubMed allows you to: Save and rerun your search strategies Create an automatic e-mail notification of new articles Build a bibliography

More information

Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great)

Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great) Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great) Kelly Hammons Principal Consultant, CISSP Secutor Consulting October 2 nd, 2015 97% of breaches could have been avoided through

More information

Security and Compliance Suite Rollout Guide. August 4, 2015

Security and Compliance Suite Rollout Guide. August 4, 2015 Security and Compliance Suite Rollout Guide August 4, 2015 Copyright 2005-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

File Management Utility User Guide

File Management Utility User Guide File Management Utility User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held

More information

Scan to Network and Scan to Network Premium. Administrator's Guide

Scan to Network and Scan to Network Premium. Administrator's Guide Scan to Network and Scan to Network Premium Administrator's Guide March 2015 www.lexmark.com Contents 2 Contents Overview...3 Configuring the application...4 Configuring a destination...4 Configuring destination

More information

Chapter A5: Creating client files and attaching bank accounts

Chapter A5: Creating client files and attaching bank accounts Chapter A5: Creating client files and attaching bank accounts This chapter is aimed at BankLink Administrators It covers the set up of your BankLink Practice clients. A BankLink Practice user needs BankLink

More information

Creating an itunes App Store account without a credit card

Creating an itunes App Store account without a credit card Creating an itunes App Store account without a credit card Summary To create an itunes App Store account on your computer without a credit card, please follow the steps below. In order to create an account

More information

Policy Compliance. Getting Started Guide. January 22, 2016

Policy Compliance. Getting Started Guide. January 22, 2016 Policy Compliance Getting Started Guide January 22, 2016 Copyright 2011-2016 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

STATE OF NEW JERSEY IT CIRCULAR

STATE OF NEW JERSEY IT CIRCULAR NJ Office of Information Technology P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 River View E. Steven Emanuel, Chief Information Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT CIRCULAR

More information

PineApp Surf-SeCure Quick

PineApp Surf-SeCure Quick PineApp Surf-SeCure Quick Installation Guide September 2010 WEB BASED INSTALLATION SURF-SECURE AS PROXY 1. Once logged in, set the appliance s clock: a. Click on the Edit link under Time-Zone section.

More information

SysAid Remote Discovery Tool

SysAid Remote Discovery Tool SysAid Remote Discovery Tool SysAid Release 7 Document Updated: 27-Apr-10 SysAid Remote Discovery Tool The SysAid server comes with a built-in discovery service that performs various network discovery

More information

Manage Address Book. Administrator's Guide

Manage Address Book. Administrator's Guide Manage Address Book Administrator's Guide November 2012 www.lexmark.com Contents 2 Contents Overview...3 Using Manage Address Book...4 Setting up access control from the application...4 Exporting contacts...4

More information

Attachment Y SaaS ITSM Demonstration and Scenarios

Attachment Y SaaS ITSM Demonstration and Scenarios Attachment Y SaaS ITSM Demonstration and Scenarios Demonstration and Oral Presentation Agenda In accordance with Section 1.16 of the RFP, each Presenter will be provided a 3 hour time period to discuss

More information

Tenable Network Security Support Portal. January 12, 2015 (Revision 14)

Tenable Network Security Support Portal. January 12, 2015 (Revision 14) Tenable Network Security Support Portal January 12, 2015 (Revision 14) Table of Contents Introduction... 3 Activate Tenable Support Portal... 3 Locate Your Customer ID... 6 Manage Your Activation Codes...

More information

Copyright 2015 http://itfreetraining.com

Copyright 2015 http://itfreetraining.com This video will install Active Directory Federation Services on Windows Server 2012. In a previous video, an enterprise CA was installed and configured. This video will use that enterprise CA to issue

More information

Pandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide

Pandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide Pandora FMS 3.0 Quick User's Guide April 27th, 2009 1 Contents How to monitor a network computer/device?...3 Concepts...3 What's an agent?...3 What's a module?...3 Data transfer modes...3 What is an alert?...3

More information

STARTER KIT. Infoblox DNS Firewall for FireEye

STARTER KIT. Infoblox DNS Firewall for FireEye STARTER KIT Introduction Infoblox DNS Firewall integration with FireEye Malware Protection System delivers a unique and powerful defense against Advanced Persistent Threats (APT) for business networks.

More information

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment (SRA) Tool User Guide Version Date: March 2014

More information

Continuous Penetration Testing

Continuous Penetration Testing Continuous Penetration Testing SyCom Technologies 1.0 Continuous Penetration Testing Imagine a service that continuously monitors and reports on any new threats that emerge real time and provides a tactical

More information

Rapid Assessment Key User Manual

Rapid Assessment Key User Manual Rapid Assessment Key User Manual Table of Contents Getting Started with the Rapid Assessment Key... 1 Welcome to the Print Audit Rapid Assessment Key...1 System Requirements...1 Network Requirements...1

More information

SCCM Client Checklist for Windows 7

SCCM Client Checklist for Windows 7 SCCM Client Checklist for Windows 7 1. The client workstation must have a supported operating system. Supported operating systems include Windows 7. To view information about the operating system version:

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

FISMA Compliance: Making the Grade

FISMA Compliance: Making the Grade FISMA Compliance: Making the Grade A Qualys Guide to Measuring Risk, Enforcing Policies, and Complying with Regulations EXECUTIVE SUMMARY For federal managers of information technology, FISMA is one of

More information

London & Zurich Merchant Management System User Guide.

London & Zurich Merchant Management System User Guide. London & Zurich Merchant Management System User Guide. Welcome to the London & Zurich Merchant Management System (MMS) user guide. In this guide we will look at the different sections of the MMS and explain

More information

Application Notes for Configuring Radware DefensePro 3020 in an Avaya SIP Telephony Environment Issue 0.3

Application Notes for Configuring Radware DefensePro 3020 in an Avaya SIP Telephony Environment Issue 0.3 Avaya Solution & Interoperability Test Lab Application Notes for Configuring Radware DefensePro 3020 in an Avaya SIP Telephony Environment Issue 0.3 Abstract These Application Notes describe the configuration

More information

Setting Preferences in QuickBooks

Setting Preferences in QuickBooks Setting Preferences in QuickBooks The following preferences should be set in Quickbooks: Setting QuickBooks to Display the Lowest Sub-Account Number The Default setting in QuickBooks for displaying Account

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks

More information

USING THE UPSTREAM-CONNECT WEBSITE

USING THE UPSTREAM-CONNECT WEBSITE USING THE UPSTREAM-CONNECT WEBSITE The UpstreamConnect website is your primary means for viewing imaging device data and reports. This manual covers all aspects of using the UpstreamConnect website. HELPDESK

More information

Software Vulnerability Assessment

Software Vulnerability Assessment Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled

More information

Electronic Ticket System

Electronic Ticket System UNIVERSITY OF GEORGIA Electronic Ticket System New Options Available as of January 2010 Insert the complete email address (valid UGA address only) instead of the UGA MyID to send tickets to Approvers.

More information

Shellshock Security Patch for X86

Shellshock Security Patch for X86 Shellshock Security Patch for X86 Guide for Using the FFPS Update Manager October 2014 Version 1.0. Page 1 Page 2 This page is intentionally blank Table of Contents 1.0 OVERVIEW - SHELLSHOCK/BASH SHELL

More information

Lab - Using Wireshark to Observe the TCP 3-Way Handshake

Lab - Using Wireshark to Observe the TCP 3-Way Handshake Topology Objectives Part 1: Prepare Wireshark to Capture Packets Select an appropriate NIC interface to capture packets. Part 2: Capture, Locate, and Examine Packets Capture a web session to www.google.com.

More information

9 Working With DICOM. Configuring the DICOM Option

9 Working With DICOM. Configuring the DICOM Option 9 Working With DICOM DICOM (Digital Imaging and Communications in Medicine) is a format created by NEMA (National Electrical Manufacturers Association) to aid in the distribution and viewing of medical

More information

How to setup a network printer using HP Universal Printer Driver

How to setup a network printer using HP Universal Printer Driver How to setup a network printer using HP Universal Printer Driver This patch is only usable on HP T5730 Thin Client and up. The Printer also has to be networked and be PCL6 driver compatible in order to

More information

Introducing the Site Prep Tool

Introducing the Site Prep Tool Introducing the Site Prep Tool Revision A03.10.011 Page 1 of 13 REVISION HISTORY Date Revision Changes January 2009 01.01 Initial Revision August 2009 02.01 November 2010 03.00 Octember 2012 03.00.022

More information

*376823* Lead Export Configuration Quick Reference Guide. Configuring Lead Export. Configuring ADP CRM

*376823* Lead Export Configuration Quick Reference Guide. Configuring Lead Export. Configuring ADP CRM Configuring Lead Export Lead Export Configuration Quick Reference Guide While there are three types of leads in ADP CRM (ileads, show and phone leads), to the system itself ADP CRM identifies all leads

More information

Web Application Firewall

Web Application Firewall Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

Note: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve.

Note: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve. Quick Start Guide DocuSign Retrieve 3.2.2 Published April 2015 Overview DocuSign Retrieve is a windows-based tool that "retrieves" envelopes, documents, and data from DocuSign for use in external systems.

More information

Running the SANS Top 5 Essential Log Reports with Activeworx Security Center

Running the SANS Top 5 Essential Log Reports with Activeworx Security Center Running the SANS Top 5 Essential Log Reports with Activeworx Security Center Creating valuable information from millions of system events can be an extremely difficult and time consuming task. Particularly

More information

NETFORT LANGUARDIAN MONITORING WAN CONNECTIONS. How to monitor WAN connections with NetFort LANGuardian Aisling Brennan

NETFORT LANGUARDIAN MONITORING WAN CONNECTIONS. How to monitor WAN connections with NetFort LANGuardian Aisling Brennan NETFORT LANGUARDIAN MONITORING WAN CONNECTIONS How to monitor WAN connections with NetFort LANGuardian Aisling Brennan LANGuardian gives you the information you need to troubleshoot problems and monitor

More information

White Paper. Managing Risk to Sensitive Data with SecureSphere

White Paper. Managing Risk to Sensitive Data with SecureSphere Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate

More information

CLEARPASS ONGUARD CONFIGURATION GUIDE

CLEARPASS ONGUARD CONFIGURATION GUIDE CONFIGURATION GUIDE REVISION HISTORY Revised By Date Changes Dennis Boas July 2015 Version 1 initial release TABLE OF CONTENTS... 1 INTRODUCTION... 3 CONFIGURATION WORKFLOW... 4 CONFIGURE POSTURE POLICIES...

More information

General or System wide changes:

General or System wide changes: New Features of the e-quantum Release The new release has many enhancements and new features. We will cover as many of these as possible. Release notes can be found in e-quantum in the Help Menu. General

More information

Florida Courts E-Filing Portal. E-service User Guide

Florida Courts E-Filing Portal. E-service User Guide Table of Contents Overview... 3 E-service Features... 3 Pre-Populated E-service Lists... 3 Incorporating E-service to the Filing Process... 3 Screen Location for Service List... 4 E-File Service List Page...

More information

CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office

CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office Last Revised: 09/17/2015 Final REVISION CONTROL Document Title: Author: File Reference: CSUSB Vulnerability

More information

State of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard

State of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard State of Minnesota Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard Approval: Enterprise Security Office (ESO) Standard Version 1.00 Gopal Khanna

More information