Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
PCI Compliance Monitoring
AirWave provides compliance monitoring tools that can help your organization be prepared for a PCI Data Security Standard (DSS) audit. With use of AirWave, your organization can monitor firewalls, network devices, and other services to show PCI compliance.
Check Compliance
The PCI compliance report displays which requirements AirWave monitors, provides links to device management pages, and displays any actions required to resolve compliance failures. In addition to displaying pass or fail status, AirWave provides diagnostic information and recommends actions required to achieve Pass status when sufficient information is available.
You can find the PCI compliance report for a device by navigating to DevicesList, hovering the pointer over a device, and clicking Compliance from the shortcut menu. If you created a PCI compliance report from the ReportsDefinition page, AirWave displays the report on the Generated Reports page when it is available, as shown in Figure 1. For information, see Viewing Generated Reports.
Figure 1 PCI Compliance Report Example
You can schedule, view, and re-run custom PCI compliance reports. For information about working with reports, see Creating, Running, and Sending Reports.
Enabling PCI Compliance Monitoring
When you enable PCI compliance monitoring, AirWave displays real-time information and generates PCI compliance reports that can be used to verify whether a merchant is compliant with a PCI requirement.
For information security standards, refer to the PCI Quick Reference Guide, accessible online from the PCI Security Council Document Library or see Supported PCI Requirements.
To enable PCI auditing:
- Navigate to the AMP Setup > PCI Compliance page.
- Find the PCI requirement that you want to monitor.
- Click
to open the Default Credential Compliance page. The compliance settings vary depending on the PCI requirement. - Select Save.
- To view and monitor PCI auditing on the network, use generated or daily reports. See Creating, Running, and Sending Reports. In addition, you can view the real-time PCI auditing of any given device online. Perform these steps:
- Go to the Devices > List page.
- Select a specific device. The Monitor page for that device displays. The Devices page also displays a Compliance subtab in the menu bar.
- Select Compliance to view complete PCI compliance auditing for that specific device.
Supported PCI Requirements
AirWave currently supports the PCI 3.0. requirements described in Table 1. When the requirements are disabled, AirWave does not check for PCI compliance or report on status.
AirWave users without RAPIDS visibility will not see the 11.1 PCI requirements in the PCI compliance report.
|
Requirement |
Description |
|
1.1 |
Establishes firewall and router configuration standards. A device fails if there are mismatches between the desired configuration and the configuration on the device. |
|
1.2.3 |
Monitors firewall installation between any wireless networks and the cardholder data environment. A device fails if the firewall is not stateful. |
|
2.1 |
Changes vendor-supplied default passwords before a device connects to the cardholder data environment or transmits data in the network. A device fails if the user name, passwords or SNMP credentials used by AirWave are on the list of forbidden default credentials. The list includes common vendor default passwords. |
|
2.1.1 |
Changes vendor-supplied defaults for wireless environments. A device fails if the passwords, SSIDs, or other security-related settings are on a list of forbidden values that AirWave establishes and tracks. The list includes common vendor default passwords. The user can input new values to achieve compliance. |
|
4.1.1 |
Uses strong encryption in wireless networks before sending payment cardholder data across open public networks. A device fails if the desired or actual configuration reflect that WEP is enabled on the network, or if associated users can connect with WEP. |
|
11.1 |
Uses RAPIDS to identify unauthorized devices. A device fails when a rogue device is detected and unacknowledged, or when there are no rogues discovered in the last three months. |
|
11.4 |
Uses intrusion-detection or intrusion-prevention systems to monitor traffic. Recent IDS events are summarized in the PCI compliance report or the IDS report. |
