 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>UserGuide>UsingSheriffCSMForPCICompliance>PCIDSS32Requirement5 (29 Apr 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSM™
Previous Next Sheriff CSM™
PCI DSS 3.2 Requirement 5: Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs
| Testing Procedure | How Sheriff CSM Delivers | Sheriff CSM Instructions | Sheriff CSM Documentation |
| 5.1 For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists. | Sheriff CSM detects the presence of running processes such as anti-virus software. | Enable the plugin for your anti-virus software, and enable forwarding of the syslog events from the anti-virus manager. | Enable Plugins |
| Run the anti-virus Raw Logs report to verify the anti-virus software is running. | How to Run Reports | ||
| 5.2.b Examine anti-virus configurations, including the master installation of the software to verify anti-virus mechanisms are • Configured to perform automatic updates, and • Configured to perform periodic scans. | The Vulnerability Scan in Sheriff CSM can test configurations to make sure that antivirus settings are enabled to perform automatic updates and periodic scans. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:
| Creating a Custom Scan Profile |
| Run a Vulnerability Scan using the custom scan profile that was created. | Performing Vulnerability Scans | ||
| Export successful scan results and identify findings to determine if system is configured correctly. | Viewing the Scan Results | ||
| View the anti-virus logs in SIEM Events. | Security Events Views | ||
| 5.2.c Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that • The anti-virus software and definitions are current. • Periodic scans are performed. | The Vulnerability Scan in Sheriff CSM can test configuration to make sure that antivirus settings are enabled to perform automatic updates and periodic scans. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:
| Creating a Custom Scan Profile |
| Run a Vulnerability Scan using the custom scan profile that was created. | Creating Vulnerability Scan Jobs | ||
| Export successful scan results and identify findings to determine if system is configured correctly. | Viewing the Scan Results | ||
| View the anti-virus logs in SIEM Events. | Security Events Views | ||
| 5.2.d Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that • Anti-virus software log generation is enabled, and • Logs are retained in accordance with PCI DSS Requirement 10.7. | Sheriff CSM detects the presence of running processes such as anti-virus software. Sheriff CSM also collects and retains logs sent using Sheriff HIDS, in accordance with requirement 5.2.d | Run the anti-virus “Raw Logs” report to verify the anti-virus software is running and generating logs. | How to Run Reports |
| View the anti-virus logs in SIEM Events. | Security Events Views | ||
| 5.3.a Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify the anti-virus software is actively running. | Sheriff CSM detects the presence of running processes such as anti-virus software. | Run the existing “Antivirus Disabled” PCI report to verify anti-virus software is actively running. | How to Run Reports |
| 5.3.b Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that the anti-virus software cannot be disabled or altered by users. | Sheriff CSM detects the presence of running processes such as anti-virus software. | Run the existing “Antivirus Disabled” PCI report to verify anti-virus software has not been disabled by users. | How to Run Reports |
Edit | Attach | Print version | History: r10 < r9 < r8 < r7 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r10 - 29 Apr 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.