Ensuring Compliance with PCI DSS

Requires the Log Management and Compliance service in ArcSight SIEM as a Service or the ArcSight Recon capability.

In the Reports Portal, select Repository > Standard Content > PCI.

The PCI Security Standards Council has established standards to ensure the security of payment account data. To help you comply with the PCI Data Security Standards, we provide the Compliance Pack for PCI. For more information about adding the pack to the Reports repository, see the Solutions Guide for ArcSight Compliance Pack for PCI.

This pack includes dashboards and reports organized by the following PCI requirements (dashboards are listed before reports under each requirement; "n/a" means the requirement has no dashboard):

1 – Maintain Firewalls to Protect Cardholder Data
  Dashboards:
    Overview of Communication Activity from CDE
    Overview of Communication Activity to CDE
  Reports:
    Accessed Ports Through Firewall
    Blocked Inbound Traffic to Card Holder Data Environment
    Blocked Outbound Traffic from Card Holder Data Environment
    Cardholder Data in the DMZ
    External to Internal PCI Systems
    Firewall Configuration Changes
    Inbound Traffic to the Card Holder Data Environment
    Internal PCI Systems to External
    Network Routing Configuration Changes
    Outbound Traffic from the Card Holder Data Environment
    Personal Firewall Installed
    Private IP Addresses Disclosure
    Unauthorized Access to Card Holder Data Environment
    Unauthorized Inbound Traffic to Card Holder Data Environment
    Unauthorized Inbound Traffic to DMZ
    Unauthorized Outbound Traffic from Card Holder Data Environment
    VPN Configuration Changes

2 – Do Not Use Default Security Parameters
  Dashboards:
    Default Vendor Accounts Overview
    Insecure Services – Dashboard
  Reports:
    Default Vendor Accounts
    Insecure Services – Report
    Misconfigured Systems
    Multiple Functions Implemented on a Server
    Software Inventory
    Unencrypted Administrative Accesses

3 – Protect Stored Cardholder Data
  Dashboards: n/a
  Reports:
    Credit Cards in Clear Text

4 – Encrypt Transmission of Cardholder Data
  Dashboards: n/a
  Reports:
    Cryptographic Hash Algorithm Related Vulnerabilities
    Cryptographic Public Key Related Vulnerability Detected
    Cryptographic Symmetric Key Related Vulnerabilities
    Cryptographic Weak Protocol Vulnerability Detected
    SSL or TLS Vulnerabilities
    TLS BREACH Vulnerabilities
    TLS CRIME Vulnerabilities
    Wireless Encryption Violations

5 – Use and Regularly Update Antivirus Software or Programs
  Dashboards:
    Antivirus Activity
    Malware Activities Overview
  Reports:
    Disabled Antivirus and EDR
    Failed Antivirus and EDR Updates
    Installed Antivirus and EDR
    Malicious Code Activities from CDE
    Malware Activity
    Malware Activity by Host
    Spyware and Adware Activity

6 – Maintain Secure Systems and Applications
  Dashboards: n/a
  Reports:
    Broken Authentication and Session Management
    Buffer Overflows
    Configuration Modifications by Host
    Cross-Site Request Forgery
    Cross-Site Scripting
    Database Configuration Changes
    Improper Access Control
    Improper Error Handling
    Injection Flaws
    Insecure Cryptographic Storage
    Meltdown or Spectre Vulnerable Assets
    Operating System Changes
    Outbound Communication from Development to Production
    Outbound Communication from Production to Development
    Security Patch Missing
    SQL Injection Vulnerabilities
    Use of Custom Accounts in Production

7 – Restrict Access to Cardholder Data
  Dashboards:
    User Access Activity to Card Holder Data Environment
  Reports:
    All Accesses to Cardholder Data Environment
    All Accesses to Cardholder Data Environment by User

8 – Assign a Unique ID to Each User
  Dashboards:
    Password Policy Changes Overview
    Windows Account Lockout
  Reports:
    Clear Text Password Transmission
    Password Policy Changes
    Password Policy Minimum Age Changed
    Successful Password Changes
    Terminated User Activity
    Terminated Users
    Windows Account Lockouts by System
    Windows Account Lockouts by User

9 – Restrict Physical Access to Cardholder Data
  Dashboards:
    Failed Physical Facility Access - Dashboard
    Successful Physical Facility Access
  Reports:
    Failed Physical Facility Access - Report
    Physical Facility Access Attempts

10 – Track and Monitor Access to Cardholder Data
  Dashboards:
    Firewall Events
  Reports:
    Account Creation
    Account Deletion
    Account Modification
    Administrative Actions Events
    Administrative Authorization Changes
    Anonymous User Activity in CDE
    Audit Logs Cleared
    Clock Synchronization Problems
    Empty Origination of Event
    Failed Administrative Actions
    Failed Administrative Logins
    Failed Logins
    File Creations Deletions Modifications
    IDS Events
    Information System Failures
    Successful Administrative Logins
    Successful Logins to CDE
    Successful User Logins
    Successful User Logins by Host
    User Group Creation
    User Group Deletion

11 – Test Security Systems and Processes Regularly
  Dashboards:
    Attacks and Suspicious Activities Overview
    Vulnerabilities Scanning
    Vulnerability Summary Overview
  Reports:
    Drill Down Assets with Buffer Overflow Vulnerabilities
    Drill Down Assets with High Risk Vulnerabilities
    Drill Down Assets with SSL and TLS Vulnerabilities
    Drill Down CSRF Vulnerable Assets
    Drill Down SQL Injection Vulnerable Assets
    Drill Down XSS Vulnerable Assets
    Exploit of Vulnerability
    File Integrity Events
    High Risk Vulnerabilities
    Information Interception Events
    Rogue Wireless AP Detected
    Traffic Anomaly on Application Layer
    Traffic Anomaly on Network Layer
    Traffic Anomaly on Transport Layer
    Vulnerability Summary by CVE
    Vulnerability Summary by Host
    Vulnerability Summary Overview

12 – Maintain a Policy that Addresses Information Security
  Dashboards:
    Policy Violations - Dashboard
  Reports:
    All Reporting Devices
    Policy Violations - Report
    Windows Domain Policy Changes