PCI-DSS Compliance for an HP-UX Host
10
Figure 2: Example of end-to-
end use of IPSec in the Intranet
HP-
UX HIDS can be used to potentially detect unprotected PANs sen
only if)
the contents of messaging technologies are logged in a pla
template for monitoring the
contents of these log files.
For more information about HP-UX HIDS, see
Appendix A
Requirement 5: Use and regularly update anti
software or programs
HP-
UX servers are not often the target of virus programs
software to protect systems from malicious programs.
Requirement 6: Develop and maintain secure systems and
applications
Sub Req# Requirement
6.1
Ensure latest security p
atches are installed
6.2
Process to identify and assign a risk ranking to new
security vulnerabilities
6.3
Develop software in accordance with PCI DSS
6.4
Follow change control processes and procedures
6.5
Develop applications based on secure coding guidelines.
6.6
Address new threats and vulnerabilities for public facing
web applications on an ongoing basis
end use of IPSec in the Intranet
UX HIDS can be used to potentially detect unprotected PANs sen
t by end-
user messaging technologies if
the contents of messaging technologies are logged in a pla
in text log file.
Enable log file monitoring
contents of these log files.
Appendix A
.
Requirement 5: Use and regularly update anti
-virus
UX servers are not often the target of virus programs
. You can deploy commercially available Anti-
Virus
software to protect systems from malicious programs.
Requirement 6: Develop and maintain secure systems and
Products
atches are installed
HP-UX Software Assistant, HP Server
Automation
Process to identify and assign a risk ranking to new
HP-UX Software Assistant
Develop software in accordance with PCI DSS
Not in the purview of this document
Follow change control processes and procedures
Not in the purview of this document
Develop applications based on secure coding guidelines.
Not in the purview of this document
Address new threats and vulnerabilities for public facing
web applications on an ongoing basis
Not in the purview of this document
user messaging technologies if
(and
Enable log file monitoring
Virus
Requirement 6: Develop and maintain secure systems and