PCI DSS 3.0 - Microsoft Windows

Audit Details

Name: PCI DSS 3.0 - Microsoft Windows

Updated: 4/25/2022

Authority: PCI DSS

Plugin: Windows

Revision: 1.28

Estimated Item Count: 69

Audit Items

DescriptionCategories
PCI 1.4 Installing personal firewall software on any mobile and employee-owned computers with direct connectivity to the Internet - Firewall

SYSTEM AND COMMUNICATIONS PROTECTION

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Alerter Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service AppMgr Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Appmon Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service BINLSVC Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service CiSvc Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service ClipSrv Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service FAX Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service helpsvc Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service HTTPFilter Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service IISADMIN Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service LicenseService Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service MacFile Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service MacPrint Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Messenger Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service mnmsrvc Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service MSFtpsvc Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Netman Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Ntfrs Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service NWCWorkstation Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Pop3Svc Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service RasAuto Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service RasMan Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service RDSessMgr Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Remote_Storage_Server Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Remote_Storage_User_Link Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service RemoteRegistry Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service RpcLocator Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service SMTPSVC Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service SNMP Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service SNMPTRAP Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service Spooler Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service srvcsurg Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service TapiSrv Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service TermService Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service TFTPD Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service TlntSvr Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service W3SVC Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.2 Disable all unnecessary and insecure services and protocols, Service WZCSVC Disabled

CONFIGURATION MANAGEMENT

PCI 2.2.4 Configure system security parameters to prevent misuse - Accounts: Guest Account Status: Disabled

ACCESS CONTROL

PCI 2.2.4 Configure system security parameters to prevent misuse - Accounts: Limit local account use of blank passwords to console logon

IDENTIFICATION AND AUTHENTICATION

PCI 2.2.4 Configure system security parameters to prevent misuse - Accounts: Rename Administrator Account: non-standard

ACCESS CONTROL

PCI 2.2.4 Configure system security parameters to prevent misuse - Accounts: Rename Guest Account: non-standard

ACCESS CONTROL

PCI 2.2.4 Configure system security parameters to prevent misuse - Audit: Shut Down system immediately if unable to log security alerts

AUDIT AND ACCOUNTABILITY

PCI 2.2.4 Configure system security parameters to prevent misuse - Devices: Allowed to format and eject removable media: Administrators

MEDIA PROTECTION

PCI 2.2.4 Configure system security parameters to prevent misuse - Devices: Prevent users from installing printer drivers: Enabled

ACCESS CONTROL

PCI 2.2.4 Configure system security parameters to prevent misuse - Minimum Password Age: 1 day

IDENTIFICATION AND AUTHENTICATION

PCI 2.2.4 Configure system security parameters to prevent misuse - Network Access: Allow Anonymous SID/Name Translation: Disabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

PCI 2.2.4 Configure system security parameters to prevent misuse - Network Access: Do not allow Anonymous Enumeration of Accounts and Shares

ACCESS CONTROL

PCI 2.2.4 Configure system security parameters to prevent misuse - Network Access: Do not allow Anonymous Enumeration of SAM Accounts

ACCESS CONTROL