PCI-DSS Compliance for an HP-UX Host

6.1 Ensure latest security patches are installed
Requirement 6.1 is intended to ensure that all system components and software have the latest vendor-supplied
security patches installed, and that a process is in place to deploy critical patches within a month of release.
HP-UX Software Assistant (SWA) is a tool that consolidates and simplifies patch management and security bulletin
management on HP-UX systems. SWA can perform a number of checks including applicable security bulletins and
installed patches with critical warnings. You can use SWA to download any recommended patches or patch bundles
and create a depot ready for installation after analysis is completed.
SWA requires an active HP support agreement (that includes Software Updates) linked to your HPSC (HP Support
Center) profile. After the analysis completes, SWA downloads recommended patches or patch bundles from HPSC
and creates a depot ready for installation.
SWA addresses Requirement 6.1 by performing the following functions:
Analyze:
SWA runs as a client-side patch and security analysis tool. An HP-supplied catalog file with known problems and
fixes is downloaded from the HPSC and compared to the software installed on the system.
Report:
SWA generates a variety of reports based on the analysis. Action, Issue, and Detail reports are available. A
consolidated HTML report with links to the technical knowledge base is always created. The SWA reports provide
information for downloading software from HP and for actions that must be taken manually.
Download Software from HP Support Center:
Based on the analysis, SWA obtains patches from HP and creates a Software Distributor (SD) depot of software for
installation. SWA automatically uses an MD5 cryptographic hash to verify patch integrity before unpacking downloaded
patches.
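An added example, not SWA's own code and not part of the original paper: a fail-closed version of the integrity check described above, in which a downloaded file is accepted for unpacking only if it is listed in a manifest and its digest matches. The manifest format, the file names and the `verify_downloads` helper are assumptions; MD5 is the default only because it is the hash the text names.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so large patch archives are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_downloads(download_dir, manifest, algorithm="md5"):
    """Return (verified, rejected); rejected maps file name -> reason.

    manifest (hypothetical format) maps file name -> expected hex digest.
    Any hashlib algorithm name, e.g. "sha256", can be passed instead of MD5.
    """
    download_dir = Path(download_dir)
    verified, rejected = [], {}
    for name, expected in sorted(manifest.items()):
        path = download_dir / name
        if not path.is_file():
            rejected[name] = "missing"
        elif hmac.compare_digest(file_digest(path, algorithm), expected.lower()):
            verified.append(name)
        else:
            rejected[name] = "digest mismatch"
    # Fail closed: a file that is present but not listed is never unpacked.
    for path in sorted(download_dir.iterdir()):
        if path.is_file() and path.name not in manifest:
            rejected[path.name] = "not in manifest"
    return verified, rejected

def demo():
    """Constructed sample: one intact file, one altered, one unlisted, one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "PATCH_A").write_bytes(b"patch A contents")
        (d / "PATCH_B").write_bytes(b"patch B contents (altered in transit)")
        (d / "EXTRA").write_bytes(b"unexpected file")
        manifest = {name: hashlib.md5(body).hexdigest() for name, body in [
            ("PATCH_A", b"patch A contents"),
            ("PATCH_B", b"patch B contents"),
            ("PATCH_C", b"patch C contents"),
        ]}
        return verify_downloads(d, manifest)

if __name__ == "__main__":
    print(demo())
```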
HP Server Automation (HPSA) also helps to meet this requirement. HPSA automates the key aspects of patch
management, while offering a fine degree of control over how and under what conditions patches are installed.
With the SA Client, you can identify and install patches that protect against security vulnerabilities.
For more information about HP Server Automation, see Appendix A.
6.2 Process to identify and assign a risk ranking to new security vulnerabilities
Requirement 6.2 states that a process should be established to identify newly discovered security vulnerabilities, or
using a vulnerability scanning service or software.
SWA identifies security vulnerabilities by analyzing system patches and checking for critical security
warnings. After the analysis is complete, SWA reports the findings and generates reports of various types.
The HTML report is a comprehensive report of Action, Issue and Detail.
Report of Action:
This report provides a summary of recommended actions. It is a comprehensive list of recommended patch bundles and
patches. It also provides a list of manual actions if any are detected as part of the Action report.
Report of Issues:
This report provides a summary of issues: a list of exposed problems, including those with no SWA-recommended solution.
Report of Details:
This report must be used for recommended actions with issue justification.
This report consists of a cross-reference of actions to resolved issues, Issue IDs, dependencies, web addresses for
relevant patch and security issue information and web addresses to download patches.
For more information about HP-UX Software Assistant, see Appendix A.