PCI DSS 3.2 Requirement 6: Develop and Maintain Secure Systems and Applications

Applies to Product: USM Appliance™ AlienVault OSSIM®

Testing Procedure

6.2.b For a sample of system components and related software, compare the list of security patches installed on each system to the most recent vendor security-patch list, to verify the following:

  • That applicable critical vendor-supplied security patches are installed within one month of release.
  • All applicable vendor-supplied security patches are installed within an appropriate time frame (for example, within three months).

How USM Appliance Delivers

The Vulnerability Scan in USM Appliance can inventory patches and report those that are missing.

USM Appliance Instructions

Create a custom scan profile, and in the "Autoenable plugins" option, select "Autoenable by family". Then enable the following checks in the scanning profile for the target host:

  • Family: Windows
  • Family: AIX Local Security Checks
  • Family: Amazon Linux Local Security Checks
  • Family: CentOS Local Security Checks
  • Family: Citrix Xenserver Local Security Checks
  • Family: Debian Local Security Checks
  • Family: Fedora Local Security Checks
  • Family: FortiOS Local Security Checks
  • Family: Free BSD Local Security Checks
  • Family: Gentoo Local Security Checks
  • Family: HP-UX Local Security Checks
  • Family: JunOS Local Security Checks
  • Family: Mac OSX Local Security Checks
  • Family: Mandrake Local Security Checks
  • Family: RedHat Local Security Checks
  • Family: Solaris Local Security Checks
  • Family: SuSE Local Security Checks
  • Family: Ubuntu Local Security Checks
  • Family: VMware Local Security Checks

USM Appliance Documentation: Creating a Custom Scan Profile

Run a Vulnerability Scan using the custom scan profile that was created.

USM Appliance Documentation: Vulnerability Scans

Export the successful scan results and review the findings to determine whether the system is configured correctly.

USM Appliance Documentation: Viewing the Scan Results
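To act on the exported findings against the two time windows in 6.2.b, here is an added example (not code from the USM Appliance product or its documentation) that reads a constructed CSV of missing-patch findings and lists the ones past the one-month critical window or the three-month general window. The column names, the patch identifiers and the 30-day and 90-day figures are assumptions; the real USM Appliance export layout may differ.

```python
"""Check exported missing-patch findings against the PCI DSS 6.2.b windows.

Added example, not part of USM Appliance or its documentation. The CSV layout
below is constructed for illustration; adapt the column names to the real
export before using it on scan results.
"""
import csv
import io
from datetime import date, timedelta

# Windows taken from Requirement 6.2.b: critical patches within one month of
# release (assumed here as 30 days), all other applicable patches within an
# appropriate time frame (the requirement's example of three months, 90 days).
CRITICAL_WINDOW = timedelta(days=30)
OTHER_WINDOW = timedelta(days=90)

# Constructed sample export: one row per patch the scan reported as missing.
# Hosts, patch names and dates are placeholders, not real findings.
SAMPLE_EXPORT = """\
host,patch,severity,release_date
10.0.0.5,PATCH-A,Critical,2021-07-13
10.0.0.5,PATCH-B,Medium,2021-06-08
10.0.0.7,PATCH-C,High,2021-06-30
10.0.0.7,PATCH-D,Critical,2021-07-01
"""


def overdue_patches(export_text, as_of_iso):
    """Return (host, patch, severity, days_past_window) for every missing patch
    whose vendor release date is older than the window 6.2.b allows, judged as
    of the given ISO date (normally the scan date)."""
    as_of = date.fromisoformat(as_of_iso)
    overdue = []
    for row in csv.DictReader(io.StringIO(export_text)):
        released = date.fromisoformat(row["release_date"])
        is_critical = row["severity"].strip().lower() == "critical"
        deadline = released + (CRITICAL_WINDOW if is_critical else OTHER_WINDOW)
        if as_of > deadline:
            overdue.append((row["host"], row["patch"], row["severity"],
                            (as_of - deadline).days))
    return overdue


if __name__ == "__main__":
    for finding in overdue_patches(SAMPLE_EXPORT, "2021-08-15"):
        print("6.2.b exception: host %s missing %s (%s), %d days past window" % finding)
```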

Testing Procedure

6.4.5.3.b For custom code changes, verify that all updates are tested for compliance with PCI DSS Requirement 6.5 before being deployed into production.

How USM Appliance Delivers

The Vulnerability Scan in USM Appliance provides Web application testing tools.

USM Appliance Instructions

Create a custom scan profile, and in the "Autoenable plugins" option, select "Autoenable by family". Then enable the following checks in the scanning profile for the target host:

  • Family: Web Application Abuse

USM Appliance Documentation: Creating a Custom Scan Profile

Run a Vulnerability Scan using the custom scan profile that was created.

USM Appliance Documentation: Vulnerability Scans

Export the successful scan results and review the findings to determine whether the system is configured correctly.

USM Appliance Documentation: Viewing the Scan Results