12 – Maintain a Policy that Addresses Information Security
In the Reports Portal, select > > > Reports or Dashboards > .
PCI Requirement 12 expects your enterprise to maintain a policy that addresses the information security for all personnel who are associated with your enterprise or have some form of access to the cardholder’s data system. Personnel should know the enterprise's expectations for handling cardholder data, and should know their responsibilities for protecting the sensitivity of the data.
To assess your enterprise's compliance with this requirement, use the following dashboards and reports:
| Dashboards | Reports |
|---|---|
Lists all reporting devices in the environment by number of events. PCI expects that you maintain an inventory of devices and check for unapproved devices. The table lists device by product, vendor, IP address, and zone.
Provides, in charts and a table, an overview of policy violations. You can view the number of violations by day, the IP addresses and signature IDs associated with violations, and the users with the most violations.
Reports policy violations by IP address. The table lists the details of the affected host system, the number of events, and when the events occurred.
Reports changes to the Windows domain policy by associated IP address. The table lists the details of the affected host system and the number of changes.