PCI Status

by Josef Weiss
March 25, 2014

This dashboard leverages Nessus PCI system configuration results to track which PCI controls are compliant or non-compliant. As such, a PCI Audit Policy must be used to achieve results. Audit files are available for download via the Tenable Support Portal for a variety of operating environments.

This dashboard displays which PCI controls your systems are compliant with, and which require additional actions to be taken for compliance. The results come from credentialed Nessus configuration audits of your PCI systems; this SecurityCenter dashboard can then be used to track which controls are currently being met and which are not.

This dashboard contains 2 main areas, comprising 14 components, that correspond to PCI sections 1 through 12. The top two components contain bar graphs that reflect configuration settings relevant to the PCI section being considered. Each row lists the percentage of compliant and non-compliant settings that pertain to the corresponding section of the PCI DSS specification. There are three parts to each row:

  • A percentage of tests failing each requirement.
  • A percentage of tests passing each requirement.
  • A percentage of tests that require additional action to be taken.

Twelve additional components, one for each PCI Requirement, display text-based results showing which PCI controls your systems are compliant with, which fail, and which require additional actions to be taken for compliance.

Although the Nessus audit configuration settings map to most parts of the PCI DSS, many operating systems do not have configuration settings corresponding to every part. This means that some sections will be empty of compliant or non-compliant results.

Passing settings have a value of 'Info' and failing settings have a value of 'High'. An empty report indicates that no corresponding PCI settings for that section were available for auditing. Depending on the type of operating system being tested, configuration settings that are relevant to PCI may or may not be available.

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Compliance & Configuration Assessments.

The dashboard requirements are:

  • SecurityCenter 4.8.0
  • Nessus 5.2.5
  • PCI Audit File for Nessus