
Compliance Report PCI DSS 2.0
Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM

74% Compliance
96 Action Items
Upcoming: 0 items

About PCI DSS 2.0
PCI-DSS is a legal obligation mandated not by government but by the credit card companies. Any company that is involved in the transmission, processing or storage of credit card data must be compliant with PCI-DSS. PCI is divided into 12 main requirements, and further broken down into approximately 200 control areas. There are different levels of PCI compliance depending on the number of transactions that are being processed by the company.

Action Items by schedule:
Unscheduled: 9 items
Future: 29 items
Overdue: 58 items

203 Security Best Practices related to this regulation: 53% Secure; the remaining 4%, 13% and 30% fall in the other status categories (chart labels not recovered).
55 Regulatory Requirements: 19, 12, 13 and 11 by status (chart labels not recovered).

Security Status by Blade:
Firewall 68%
Data Loss Prevention 57%
IPSec VPN 72%
URL Filtering 48%

1/96

Regulatory Requirement Summary ( 1 out of 4 )

Id | Description | Status
030005 | Establish firewall and router configuration standards that include documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.1.5] |
030007 | Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.2.1] |
030009 | Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.2.3] |
030011 | Limit inbound Internet traffic to IP addresses within the DMZ [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.2] |
030012 | Do not allow any direct connections inbound or outbound for traffic between the Internet and the cardholder data environment [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.3] |
030013 | Do not allow internal addresses to pass from the Internet into the DMZ [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.4] |
030014 | Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.5] |
030015 | Implement stateful inspection, also known as dynamic packet filtering [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.6] |
030017 | Do not disclose private IP addresses and routing information to unauthorized parties [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.8] |
030021 | Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards [Original PCI DSS 2.0 Reference: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: 2.2] |
030024 | Configure system security parameters to prevent misuse [Original PCI DSS 2.0 Reference: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: 2.2.3] |
030025 | Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers [Original PCI DSS 2.0 Reference: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: 2.2.4] |
030026 | Encrypt all non-console administrative access using strong cryptography. Use technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access [Original PCI DSS 2.0 Reference: Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: 2.3] |
030046 | Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks [Original PCI DSS 2.0 Reference: Requirement 4: Encrypt transmission of cardholder data across open, public networks: 4.1] |
030048 | Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.) [Original PCI DSS 2.0 Reference: Requirement 4: Encrypt transmission of cardholder data across open, public networks: 4.2] |

2/96

Regulatory Requirement Summary ( 2 out of 4 )

Id | Description | Status
030049 | Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers) [Original PCI DSS 2.0 Reference: Requirement 5: Use and regularly update anti-virus software or programs: 5.1] |
030050 | Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software [Original PCI DSS 2.0 Reference: Requirement 5: Use and regularly update anti-virus software or programs: 5.1.1] |
030051 | Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs [Original PCI DSS 2.0 Reference: Requirement 5: Use and regularly update anti-virus software or programs: 5.2] |
030052 | Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release [Original PCI DSS 2.0 Reference: Requirement 6: Develop and maintain secure systems and applications: 6.1] |
030053 | Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities [Original PCI DSS 2.0 Reference: Requirement 6: Develop and maintain secure systems and applications: 6.2] |
030076 | For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: 1) Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes, 2) Installing a web-application firewall in front of public-facing web applications [Original PCI DSS 2.0 Reference: Requirement 6: Develop and maintain secure systems and applications: 6.6] |
030077 | Limit access to system components and cardholder data to only those individuals whose job requires such access. Access limitations must include the restriction of access rights to privileged user IDs to least privileges necessary to perform job responsibilities [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.1.1] |
030078 | Limit access to system components and cardholder data to only those individuals whose job requires such access. Access limitations must include the assignment of privileges based on individual personnel's job classification and function [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.1.2] |
030079 | Limit access to system components and cardholder data to only those individuals whose job requires such access. Access limitations must include the requirement for a documented approval by authorized parties specifying required privileges [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.1.3] |
030080 | Limit access to system components and cardholder data to only those individuals whose job requires such access. Access limitations must include the implementation of an automated access control system [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.1.4] |
030081 | Establish an access control system for system components with multiple users that restricts access based on a user's need to know, and is set to "deny all" unless specifically allowed. This access control system must include coverage of all system components [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.2.1] |
030082 | Establish an access control system for system components with multiple users that restricts access based on a user's need to know, and is set to "deny all" unless specifically allowed. This access control system must include the assignment of privileges to individuals based on job classification and function [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.2.2] | N/A

3/96

Regulatory Requirement Summary ( 3 out of 4 )

Id | Description | Status
030083 | Establish an access control system for system components with multiple users that restricts access based on a user's need to know, and is set to "deny all" unless specifically allowed. This access control system must include a default "deny-all" setting [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.2.3] |
030085 | In addition to assigning a unique ID, employ at least one of the following methods to authenticate all users: a) Something you know, such as a password or passphrase, b) Something you have, such as a token device or smart card, c) Something you are, such as a biometric [Original PCI DSS 2.0 Reference: Requirement 8: Assign a unique ID to each person with computer access: 8.2] |
030086 | Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties [Original PCI DSS 2.0 Reference: Requirement 8: Assign a unique ID to each person with computer access: 8.3] |
030087 | Render all passwords unreadable during transmission and storage on all system components using strong cryptography [Original PCI DSS 2.0 Reference: Requirement 8: Assign a unique ID to each person with computer access: 8.4] |
030101 | Set the lockout duration to a minimum of 30 minutes or until administrator enables the user ID [Original PCI DSS 2.0 Reference: Requirement 8: Assign a unique ID to each person with computer access: 8.5.14] |
030102 | If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session [Original PCI DSS 2.0 Reference: Requirement 8: Assign a unique ID to each person with computer access: 8.5.15] |
030117 | Send the media by secured courier or other delivery method that can be accurately tracked [Original PCI DSS 2.0 Reference: Requirement 9: Restrict physical access to cardholder data: 9.7.2] |
030125 | Implement automated audit trails for all system components to reconstruct all individual accesses to cardholder data [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.1] |
030126 | Implement automated audit trails for all system components to reconstruct all actions taken by any individual with root or administrative privileges [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.2] |
030127 | Implement automated audit trails for all system components to reconstruct access to all audit trails [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.3] |
030128 | Implement automated audit trails for all system components to reconstruct invalid logical access attempts [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.4] |
030129 | Implement automated audit trails for all system components to reconstruct use of identification and authentication mechanisms [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.5] |
030130 | Implement automated audit trails for all system components to reconstruct initialization of the audit logs [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.6] |
030131 | Implement automated audit trails for all system components to reconstruct creation and deletion of system-level objects [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.7] |
030132 | Record user identification in the audit trail entries for all system components for all events listed in 10.2.1-10.2.7 [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.3.1] |

4/96

Regulatory Requirement Summary ( 4 out of 4 )

Id | Description | Status
030133 | Record event type in the audit trail entries for all system components for all events listed in 10.2.1-10.2.7 [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.3.2] |
030134 | Record date and time in the audit trail entries for all system components for all events listed in 10.2.1-10.2.7 [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.3.3] |
030135 | Record a success or failure indication in the audit trail entries for all system components for all events listed in 10.2.1-10.2.7 [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.3.4] |
030136 | Record the origination of the event in the audit trail entries for all system components for all events listed in 10.2.1-10.2.7 [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.3.5] |
030137 | Record the identity or name of the affected data, system component or resource in the audit trail entries for all system components for all events listed in 10.2.1-10.2.7 [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.3.6] |
030144 | Promptly back up audit trail files to a centralized log server or media that is difficult to alter [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.5.3] |
030145 | Write logs for external-facing technologies onto a log server on the internal LAN [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.5.4] |
030146 | Use file integrity monitoring or change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert) [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.5.5] |
030148 | Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from backup) [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.7] |
030150 | Perform quarterly internal vulnerability scans [Original PCI DSS 2.0 Reference: Requirement 11: Regularly test security systems and processes: 11.2.1] |
030152 | Perform internal and external scans after any significant change [Original PCI DSS 2.0 Reference: Requirement 11: Regularly test security systems and processes: 11.2.3] |
030156 | Use intrusion detection systems, and/or intrusion prevention systems to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points inside of the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, baselines, and signatures up-to-date [Original PCI DSS 2.0 Reference: Requirement 11: Regularly test security systems and processes: 11.4] |
030170 | Ensure usage policies for critical technologies require automatic disconnect of sessions for remote access technologies after a specific period of inactivity [Original PCI DSS 2.0 Reference: Requirement 12: Maintain a policy that addresses information security for all personnel: 12.3.8] |
030192 | Include alerts from intrusion detection, intrusion prevention, and file integrity monitoring systems [Original PCI DSS 2.0 Reference: Requirement 12: Maintain a policy that addresses information security for all personnel: 12.9.5] |

5/96

Requirement Details: PCI DSS 2.0-030007
ID: 030007
Description: Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.2.1]
Status:

Check | Description | Blade | Status
DLP109 | This checks that the DLP policy includes a rule or rules to restrict the sending of PCI - Cardholder data outside the organization. | Data Loss Prevention |
DLP135 | This checks that the DLP policy includes a rule or rules to restrict the sending of PCI - Credit Card Numbers - 5 or more outside the organization. | Data Loss Prevention |
FW101 | This checks whether the 'Clean up Rule' is the last row listed in the Firewall Rule Base and is applied to all Gateways. A 'Clean up Rule' is defined as: Source= Any; Destination= Any; VPN= Any Traffic; Service= Any; Action= Drop; Track= Log; Install on= Policy Targets; Time= Any | Firewall |
FW146 | This checks whether an 'Any Any Accept' rule is listed in the Firewall Rule Base and if so, that it is not applied to any Gateway. An 'Any Any Accept' rule is defined as: Source= Any; Destination= Any; Service= Any; Action= Accept | Firewall |

7/96

Requirement Details: PCI DSS 2.0-030017
ID: 030017
Description: Do not disclose private IP addresses and routing information to unauthorized parties [Original PCI DSS 2.0 Reference: Requirement 1: Install and maintain a firewall configuration to protect cardholder data: 1.3.8]
Status:

Check | Description | Blade | Status
FW104 | This checks each cluster to ensure that 'Enable extended cluster Anti-Spoofing' is enabled | Firewall | Secure
FW116 | This checks the NAT settings on each Gateway to ensure that 'Internal networks are hidden behind the external IP' is selected | Firewall |
FW102 | This checks defined interfaces for all Gateways to ensure that 'Perform Anti-Spoofing based on interface topology' is enabled | Firewall |
FW103 | This checks defined interfaces for all Gateways to ensure that the Anti-Spoofing action is set to Prevent | Firewall |

16/96

Requirement Details: PCI DSS 2.0-030050 ( 1 out of 3 )
ID: 030050
Description: Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software [Original PCI DSS 2.0 Reference: Requirement 5: Use and regularly update antivirus software or programs: 5.1.1]
Status:

Check | Description | Blade | Status
AB104 | This checks that each Gateway is activated according to the profiles defined in the Anti-Bot policy | Anti-Bot | N/A
AB102 | This checks the 'Suspicious Mail Detection' settings in the Anti-Bot blade for each defined Profile, and that 'Inspect first (KB) of email messages' is set to at least 4 KB. | Anti-Bot | Secure
AB110 | This checks whether the ' Confidence' setting in the 'Protection Activation Policy' for each profile in the Anti-Bot blade is set to 'Prevent' or 'Detect' | Anti-Bot | Secure
AB109 | This checks whether the ' Confidence' setting in the 'Protection Activation Policy' for each profile in the Anti-Bot blade is set to 'Prevent' | Anti-Bot | Secure
AB105 | This checks whether the Malware Database in the Anti-Bot blade is being updated automatically. | Anti-Bot | Secure
AB108 | This checks whether the ' Confidence' setting in the 'Protection Activation Policy' for each profile in the Anti-Bot blade is set to 'Prevent' | Anti-Bot | Secure
AB107 | This test checks that all Gateways that have the Anti-Bot blade installed have HTTPS Inspection enabled. | Anti-Bot | Secure
AB106 | This checks whether the Malware Database in the Anti-Bot blade is being updated at least every two hours. | Anti-Bot | Secure
AV117 | This checks that each Gateway is activated according to the profiles defined in the Anti-Virus policy | Anti-Virus | N/A
AV104 | This checks whether the HTTP protocol has been enabled in the Anti-Virus settings | Anti-Virus | Secure
AV106 | This checks that the maximum number of levels to be scanned in a MIME email with nested contents is not less than 7 | Anti-Virus | Secure
AV105 | This checks whether the SMTP protocol has been enabled in the Anti-Virus settings | Anti-Virus | Secure

51/96

Requirement Details: PCI DSS 2.0-030050 ( 2 out of 3 )

Check | Description | Blade | Status
AV113 | This checks whether the Malware Database in the Anti-Bot blade is being updated at least every two hours. | Anti-Virus | Secure
AV115 | This checks that the frequency of automatic updates to the Anti-Virus database is at least every 120 minutes. | Anti-Virus | Secure
AV112 | This checks whether the Malware Database in the Anti-Bot blade is being updated automatically. Note that this won't be checked if 'Traditional Anti-Virus' is enabled on all Gateways. In this case the check will have an NA status. | Anti-Virus |
AV107 | This checks that the Anti-Virus blocks files if the number of MIME nesting levels in an email has been exceeded | Anti-Virus | Secure
AV109 | This checks that the Malware DNS Trap is enabled and at least one DNS server is defined. | Anti-Virus | Secure
AV103 | This checks whether the ' Confidence' setting in the 'Protection Activation Policy' for each profile in the Anti-Virus blade is set to 'Prevent', 'Ask' or 'Detect' | Anti-Virus | Secure
AV111 | This checks that HTTPS Inspection is enabled on all Gateways which have the Anti-Virus blade installed | Anti-Virus | Secure
AV101 | This checks whether the ' Confidence' setting in the 'Protection Activation Policy' for each profile in the Anti-Virus blade is set to 'Prevent' | Anti-Virus | Secure
AV102 | This checks whether the ' Confidence' setting in the 'Protection Activation Policy' for each profile in the Anti-Virus blade is set to 'Prevent' | Anti-Virus | Secure
AV114 | This test checks that the Anti-Virus database is being automatically updated from the Check Point cloud. Note that this will only be checked if at least one of the Gateways has 'Traditional Anti-Virus' enabled. Otherwise this check will have an NA status. | Anti-Virus |
AV108 | This checks that Archive scanning in the Anti-Virus settings has been enabled | Anti-Virus |
FW104 | This checks each cluster to ensure that 'Enable extended cluster Anti-Spoofing' is enabled | Firewall | Secure
FW102 | This checks defined interfaces for all Gateways to ensure that 'Perform Anti-Spoofing based on interface topology' is enabled | Firewall |
FW103 | This checks defined interfaces for all Gateways to ensure that the Anti-Spoofing action is set to Prevent | Firewall |
IPS104 | This checks that the IPS Policy automatically activates Client Protections for each profile. | IPS | Secure
IPS102 | This checks the IPS Mode for each Profile to confirm that the 'default action for existing protection' is set to Prevent | IPS | Secure

52/96

Requirement Details: PCI DSS 2.0-030050 ( 3 out of 3 )

Check | Description | Blade | Status
IPS103 | This checks that IPS Protections have been activated on each profile in accordance with the IPS policy | IPS | Secure
IPS106 | This checks the severity-based protection settings in the IPS policy for each profile to ensure that protections with a severity status are not being activated | IPS | Secure
IPS110 | This checks that the Profile's IPS Policy activates all applicable protections | IPS | Secure
IPS107 | This checks the confidence level-based protection settings in the IPS policy for each profile to ensure that protections with a or - severity status are not being activated | IPS | Secure
IPS105 | This checks that the IPS Policy automatically activates Server Protections for each profile. | IPS | Secure
IPS111 | This checks all IPS Profiles to confirm that the ability to automatically switch all protections to Detect-Only has been disabled | IPS | Secure
IPS108 | This checks each Profile's IPS Policy to ensure that activated protections include those that have a performance impact | IPS |
IPS113 | This checks that the Protection Scope for the IPS on each Gateway is set to perform IPS inspection on all traffic. Note that the implementation of this recommendation has a Wide Impact. | IPS |
IPS109 | This checks each Profile's IPS Policy to ensure that the activated protections include those that are categorized as Protocol Anomalies | IPS |
IPS114 | This checks that the IPS Blade is up to date and that there are no available IPS updates older than three days that have not been downloaded | IPS |

53/96

Requirement Details: PCI DSS 2.0-030077
ID: 030077
Description: Limit access to system components and cardholder data to only those individuals whose job requires such access. Access limitations must include the restriction of access rights to privileged user IDs to least privileges necessary to perform job responsibilities [Original PCI DSS 2.0 Reference: Requirement 7: Restrict access to cardholder data by business need to know: 7.1.1]
Status:

Check | Description | Blade | Status
FW130 | This checks whether the 'Stealth Rule' is configured in the Firewall Rule Base and is applied to all Gateways. A 'Stealth Rule' is defined as: Source= Any; Destination= GW's; Service= Any; Action= Drop; Track= Log; Install on= Policy Target; Time= Any | Firewall |
FW146 | This checks whether an 'Any Any Accept' rule is listed in the Firewall Rule Base and if so, that it is not applied to any Gateway. An 'Any Any Accept' rule is defined as: Source= Any; Destination= Any; Service= Any; Action= Accept | Firewall |
FW101 | This checks whether the 'Clean up Rule' is the last row listed in the Firewall Rule Base and is applied to all Gateways. A 'Clean up Rule' is defined as: Source= Any; Destination= Any; VPN= Any Traffic; Service= Any; Action= Drop; Track= Log; Install on= Policy Targets; Time= Any | Firewall |

61/96

Requirement Details: PCI DSS 2.0-030125
ID: 030125
Description: Implement automated audit trails for all system components to reconstruct all individual accesses to cardholder data [Original PCI DSS 2.0 Reference: Requirement 10: Track and monitor all access to network resources and cardholder data: 10.2.1]
Status:

Check | Description | Blade | Status
FW122 | This checks that all activities of the system administrator and the system operator are logged | Firewall | Secure
FW105 | This checks each Firewall rule to ensure that it has a defined Log setting under the Track option | Firewall | Secure
FW171 | This checks that all Firewall audit trails include the date and time of all logged events | Firewall | Secure

74/96