Testing Procedure | How Sheriff CSM Delivers | Sheriff CSM Instructions | Sheriff CSM Documentation |
5.1 For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists. | Sheriff CSM detects the presence of running processes such as anti-virus software. | Enable the plugin for your anti-virus software, and enable forwarding of the syslog events from the anti-virus manager. | Enable Plugins |
| | Run the anti-virus Raw Logs report to verify the anti-virus software is running. | How to Run Reports |
5.2.b Examine anti-virus configurations, including the master installation of the software to verify anti-virus mechanisms are • Configured to perform automatic updates, and • Configured to perform periodic scans. | The Vulnerability Scan in Sheriff CSM can test configurations to make sure that antivirus settings are enabled to perform automatic updates and periodic scans. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host: | Creating a Custom Scan Profile |
| | Run a Vulnerability Scan using the custom scan profile that was created. | Performing Vulnerability Scans |
| | Export successful scan results and identify findings to determine if the system is configured correctly. | Viewing the Scan Results |
| | View the anti-virus logs in SIEM Events. | Security Events Views |
5.2.c Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that • The anti-virus software and definitions are current. • Periodic scans are performed. | The Vulnerability Scan in Sheriff CSM can test configurations to make sure that antivirus settings are enabled to perform automatic updates and periodic scans. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host: | Creating a Custom Scan Profile |
| | Run a Vulnerability Scan using the custom scan profile that was created. | Creating Vulnerability Scan Jobs |
| | Export successful scan results and identify findings to determine if the system is configured correctly. | Viewing the Scan Results |
| | View the anti-virus logs in SIEM Events. | Security Events Views |
5.2.d Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that • Anti-virus software log generation is enabled, and • Logs are retained in accordance with PCI DSS Requirement 10.7. | Sheriff CSM detects the presence of running processes such as anti-virus software. Sheriff CSM also collects and retains logs sent using Sheriff HIDS, in accordance with requirement 5.2.d. | Run the anti-virus “Raw Logs” report to verify the anti-virus software is running and generating logs. | How to Run Reports |
| | View the anti-virus logs in SIEM Events. | Security Events Views |
5.3.a Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify the anti-virus software is actively running. | Sheriff CSM detects the presence of running processes such as anti-virus software. | Run the existing “Antivirus Disabled” PCI report to verify anti-virus software is actively running. | How to Run Reports |
5.3.b Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that the anti-virus software cannot be disabled or altered by users. | Sheriff CSM detects the presence of running processes such as anti-virus software. | Run the existing “Antivirus Disabled” PCI report to verify anti-virus software has not been disabled by users. | How to Run Reports |