IBM BigFix Compliance PCI Add-on helps protect organizations from the loss of confidential customer and financial information. It helps you comply with the latest Payment Card Industry Data Security Standard (PCI DSS) reporting requirements.The add-on simplifies monitoring and reporting of PCI compliance through specific PCI DSS configuration and policy compliance checks – and by using specialized dashboards. It enables you to continuously and automatically manage system configuration and currency, improving endpoint security and integrity.

PCI DSS’s security policies and procedures apply to all entities that store, process or transmit payment card data – protecting cardholder data from misuse or theft. Without PCI DSS compliance, companies are vulnerable to security breaches that can lead to significant fines, suspension of credit card privileges, litigation and damage to reputation.

IBM BigFix Compliance PCI Add-on includes the following key capabilities to ensure continuous compliance, reduced risk and lower costs:

  • Continuous monitoring to provide real time visibility of endpoint configuration and compliance to PCI DSS requirements
  • Specialized dashboards and reporting of PCI compliance ¬that summarizes compliance by core requirements and facilitates compliance demonstration during audits
  • Automatic config and system management to improve security posture and prevent compliance drift by addressing deviations automatically – whether the endpoint is on or off the corporate network
  • Single console management that helps to lower cost with extensive scaling and low resource requirements through automation

Continuous monitoring

  • More than 2,000 PCI DSS specific checks on multiple platforms support compliance of nine out of twelve PCI core requirements
  • Local, low resource impact agent continuously monitors endpoint configuration – whether connected to the network or not – to identify and report on any non-compliance
  • Discovery of unmanaged endpoints and automatic patching and remediation of non-compliant systems reduces risk and labor costs

Specialized dashboards and reporting of PCI compliance

  • Out-of-the-box reports organized by core requirements help quickly identify areas of non-compliance
  • Customizable reports and historical reporting simplifies demonstration of audit compliance over time
  • “Milestone” reporting supports the PCI Security Standards Council Prioritized Approach recommendation to pursue compliance

Automatic config and system management

  • Continuous real-time enforcement of security policies, regardless of network connection status, allows for “set it and forget it” policy management – significantly reducing overall security risk
  • Policy-based quarantine of non-compliant systems prevents malware propagation to broader network
  • Enhanced security and PCI compliance benefits customer profitability, brand image and transaction processing

Single console management

  • Automation and single console management for all platforms requires very little administration overhead
  • A single server supports up to 250,000 endpoints and eliminates costly infrastructure