XIA Configuration - Feature

PCI DSS Compliance Audit Tool

Run reports to gather evidence for PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and contains a number of requirements that must be met.

XIA Configuration provides a broad spectrum of configuration and security information within its configuration management database (CMDB) which helps to support PCI DSS.

In addition, specific reports have been created that assist you in providing information aligned to the PCI DSS requirements.

Requirement 2.1

2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.

XIA Configuration includes the report 'Always change default passwords (Windows SNMP)' which allows you to see the SNMP community strings assigned to Windows PCs and servers in the environment and highlights systems using the default read or write community strings.

Screenshot showing the 2.1 Always change default passwords (Windows SNMP) report output in the XIA Configuration web interface

Requirement 2.2.1

2.2.1 Implement only one primary function per server.

XIA Configuration provides the ability to view what functions (roles) a server is providing.

Screenshot of Server Functions in the XIA Configuration web interface

Report

This information is available in the reporting section, where servers running multiple functions can be easily identified.

Screenshot showing the 2.2.1 Implement only one primary function per server report output in the XIA Configuration web interface

Requirement 8.1.4

8.1.4 Remove/disable inactive user accounts within 90 days.

The XIA Configuration Client can be configured to automatically gather information about Active Directory user accounts, including their last logon information. This allows an administrator to easily identify enabled but inactive user accounts.

Screenshot showing the 8.1.4 Remove or disable inactive user accounts (Active Directory) report output in the XIA Configuration web interface

Requirement 8.1.6

8.1.6 Limit repeated access attempts by locking out the user ID after not more than six attempts.

Account lockout policy information is gathered directly from each server and workstation by the XIA Configuration Client and can be viewed on a machine-by-machine basis.

Screenshot of Account Lockout Policy settings in the XIA Configuration web interface

Report

This information can also be accessed within the reporting section, where servers and workstations that do not comply can be easily identified.

Screenshot showing the 8.1.6 and 8.1.7 Account Lockout report output in the XIA Configuration web interface

Requirement 8.1.7

8.1.7 Set the lockout duration to a minimum of 30 minutes or until an administrator enables the user ID.

This requirement is covered within the same report as requirement 8.1.6.

Requirement 8.2.3

8.2.3 Passwords/phrases must meet the following: Require a minimum length of at least seven characters. Contain both numeric and alphabetic characters.

Password policy information is gathered directly from each server and workstation by the XIA Configuration Client and can be viewed on a machine-by-machine basis.

Screenshot of Password Policy settings in the XIA Configuration web interface

Report

This information can also be accessed within the reporting section, where servers and workstations that do not comply can be easily identified.

Screenshot showing the 8.2.3 Passwords or phrases must meet the following requirements report output in the XIA Configuration web interface

Requirement 8.2.4

8.2.4 Change user passwords/passphrases at least every 90 days.

This setting can be reported on both for machines within the environment and for fine-grained password policies configured for Active Directory domains within the environment.

Screenshot showing the 8.2.4 Change user passwords at least every 90 days report output in the XIA Configuration web interface

Requirement 8.2.5

8.2.5 Do not allow an individual to submit a new password/phrase that is the same as any of the last four passwords/phrases he or she has used.

This setting can be reported on both for machines within the environment and for fine-grained password policies configured for Active Directory domains within the environment.

Screenshot showing the 8.2.5 Do not use passwords that are the same as any of the previous four report output in the XIA Configuration web interface
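
The thresholds quoted in requirements 8.1.6 to 8.2.5 above can be checked mechanically against collected policy values, provided the special meaning of 0 for each Windows setting is handled. The following is an added example, not XIA Configuration's own code or report logic; the record field names are hypothetical and the sample records are constructed.

```python
# Added example; field names are hypothetical, not an XIA Configuration schema.
# Thresholds are the PCI DSS values quoted on this page; 0 has Windows semantics.

def failed_requirements(p):
    """Return the PCI DSS requirement numbers that one policy record fails."""
    failed = []
    threshold = p["lockout_threshold"]
    if threshold == 0:
        # 0 means accounts are never locked out, so duration is moot as well.
        failed += ["8.1.6", "8.1.7"]
    else:
        if threshold > 6:
            failed.append("8.1.6")
        # 0 minutes means locked until an administrator unlocks: compliant.
        if 0 < p["lockout_duration_min"] < 30:
            failed.append("8.1.7")
    # Complexity switched off is a definite fail; switched on is only a proxy,
    # because Windows complexity does not by itself force a digit.
    if p["min_password_length"] < 7 or not p["complexity_enabled"]:
        failed.append("8.2.3")
    # 0 days means passwords never expire.
    if not 1 <= p["max_password_age_days"] <= 90:
        failed.append("8.2.4")
    if p["password_history"] < 4:
        failed.append("8.2.5")
    return failed


def audit(records):
    """Map each non-compliant host to the requirements it fails."""
    checked = {r["host"]: failed_requirements(r) for r in records}
    return {host: f for host, f in checked.items() if f}


# Constructed sample records, not real audit data.
SAMPLE = [
    {"host": "srv-app01", "lockout_threshold": 5, "lockout_duration_min": 0,
     "min_password_length": 8, "complexity_enabled": True,
     "max_password_age_days": 60, "password_history": 24},
    {"host": "srv-db02", "lockout_threshold": 0, "lockout_duration_min": 30,
     "min_password_length": 7, "complexity_enabled": True,
     "max_password_age_days": 0, "password_history": 4},
    {"host": "wks-117", "lockout_threshold": 10, "lockout_duration_min": 15,
     "min_password_length": 6, "complexity_enabled": False,
     "max_password_age_days": 90, "password_history": 3},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A host such as the constructed `srv-db02` shows why the zero values matter: its lockout duration of 30 minutes looks compliant in isolation, but a threshold of 0 means lockout never triggers.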

Requirement 10.4.1

10.4.1 Critical systems have the correct and consistent time.

Windows

Display the Windows Time settings configured for your Windows machines across all your environments.

Screenshot showing the 10.4.1 Critical systems have the correct and consistent time (Windows) report output in the XIA Configuration web interface

ESX

Similar information is also available for VMware ESX hosts.

Screenshot showing the 10.4.1 Critical systems have the correct and consistent time (ESX) report output in the XIA Configuration web interface

For more information about compliance benchmarks, please view the administrator's guide.
