PCI DSS 2.0/3.0 - AIX

Audit Details

Name: PCI DSS 2.0/3.0 - AIX

Updated: 4/25/2022

Authority: PCI DSS

Plugin: Unix

Revision: 1.32

Estimated Item Count: 263

Audit Changelog


Revision 1.32 Apr 25, 2022 Miscellaneous Metadata updated. References updated.
Revision 1.31 Feb 1, 2021 Miscellaneous Metadata updated. References updated.
Revision 1.30 Oct 5, 2020 Functional Update PCI 3.4.1 - EFS - implementation (AIX 6.1 only) - 'CLiC kernel extension has loaded' PCI 3.4.1 - EFS - implementation (AIX 6.1 only) - 'System is AIX 6.1' PCI 3.4.1 - EFS - implementation (AIX 6.1 only) - 'clic.rte.includes is installed' PCI 3.4.1 - EFS - implementation (AIX 6.1 only) - 'clic.rte.kernext is installed' PCI 3.4.1 - EFS - implementation (AIX 6.1 only) - 'clic.rte.lib is installed' PCI 3.4.1 - EFS - implementation (AIX 6.1 only) - 'clic.rte.pkcs11 is installed' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'Enhanced RBAC is enabled' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'System is AIX 6.1' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'lskst -t auth info' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'lskst -t cmd info' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'lskst -t dev info' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'lskst -t dom info' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'lskst -t domobj info' PCI 7.1.2 - Assignment of privileges is based on job classification and function - 'lskst -t role info' PCI 8.2 - /etc/security/login.cfg - 'pwd_algorithm = ssha256 (AIX 5.3 TL7+ only)' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'adm account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'adm login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'bin account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'bin login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'daemon account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'daemon login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'esaadmin account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'esaadmin login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'guest account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'guest login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'invscout account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'invscout login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'ipsec account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'ipsec login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'lp account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'lp login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'lpd account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'lpd login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'nobody account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'nobody login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'nuucp account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'nuucp login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'pconsole account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'pconsole login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'printq account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'printq login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'snapp account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'snapp login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'sshd account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'sshd login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'sys account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'sys login=false rlogin=false' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'uucp account has been removed' PCI 8.5 - Generic user IDs and accounts are disabled or removed - 'uucp login=false rlogin=false'
Revision 1.29 Sep 29, 2020 Miscellaneous References updated.
Revision 1.28 Apr 22, 2020 Miscellaneous Metadata updated. References updated.
Revision 1.27 Mar 4, 2019 Functional Update PCI 2.2.4 - Verify that common security parameter settings are included - '/etc/motd contains the appropriate text' Miscellaneous Variables updated.
Revision 1.26 Feb 7, 2019 Miscellaneous Metadata updated. References updated.
Revision 1.25 Dec 13, 2018 Miscellaneous References updated.