| PCI DSS Requirement | NetWrix Solution | Components | Report Mapping |
|---|---|---|---|
| 7. Restrict access to cardholder data by business need-to-know | | | |
| 7.1 Limit access to system components and cardholder data to only those individuals whose job requires such access. | Auditing functionality to monitor all security-related changes in Active Directory, Group Policy, Exchange, file servers, SQL Servers, virtualization environments. Audited use of high-privileged system accounts. | AD Change Reporter; File Server Change Reporter; Change Reporter for VMware; SQL Server Change Reporter | AD Change Reporter / Administrative Group Membership Changes; AD Change Reporter / Object Security Changes; File Server Change Reporter / Permission Changes; SQL Server Change Reporter / Object Changes |
| 7.2 Establish a mechanism for systems with multiple users that restricts access based on a user's need to know and is set to “deny all” unless specifically allowed. | Monitoring of files and folders and their permissions, Active Directory and Group Policy objects, SQL Server security for early detection of unauthorized changes to security access settings (e.g. granting of new permissions). | AD Change Reporter; File Server Change Reporter; SQL Server Change Reporter | AD Change Reporter / All Active Directory Changes; Group Policy Change Reporter / All Group Policy Changes; File Server Change Reporter / Permission Changes; SQL Server Change Reporter / Login Changes; SQL Server Change Reporter / Credential Changes |
| 8. Assign a unique ID to each person with computer access | | | |
| 8.1 Assign all users with a unique user name before allowing them to access system components or cardholder data. | Complete auditing of user logons to analyze violations and prevent usage of the same ID by multiple persons (e.g. from different computers). | Event Log Manager; Logon Reporter | Event Log Manager / Logon Reporter; Logon Reporter / All logon reports |
| 8.5.1 Control addition, deletion, and modification of user IDs, credentials and other identifier objects. | Full auditing of user account creations, deletions, password resets, and modifications to all user account attributes in Active Directory and SQL Server. | AD Change Reporter; SQL Server Change Reporter | AD Change Reporter / User Accounts Created; AD Change Reporter / All Active Directory Changes; SQL Server Change Reporter / Login Changes; SQL Server Change Reporter / User Changes |
| 8.5.2 Verify user identity before performing password resets. | Web-based challenge-response system based on verification question/answer pairs selected by users upon enrollment, with full control over the number of required verification answers. The same data can be used by help desk personnel to assist with password resets on the phone. | Password Manager | Password Manager / User Enrollment on-demand report |
| 8.5.3 Set first-time passwords to a unique value for each user and change immediately after the first use. | Auditing of all newly created user accounts and their initial attributes (including "must change at next logon") to prevent violations. | AD Change Reporter | AD Change Reporter / User Account Modifications |
| 8.5.4 Immediately revoke access for any terminated users. | Auditing of disabled accounts, automated de-provisioning of inactive user accounts. | AD Change Reporter; Inactive Users Tracker | AD Change Reporter / Inactive Users; Inactive Users Tracker / Daily report |
| 8.5.5 Remove or disable inactive user accounts at least every 90 days. | Automated disabling and removal with full reporting. | Inactive Users Tracker | Inactive Users Tracker / Daily report |
| 8.5.6 Enable accounts used by vendors for remote maintenance only during the time period needed. | Auditing of account creation, enabling, disabling, and deletion, with timestamps to analyze their lifetime. | AD Change Reporter; SQL Server Change Reporter | AD Change Reporter / User Account Modifications; SQL Server Change Reporter / Login Changes; SQL Server Change Reporter / User Changes |
| 8.5.7 Communicate password procedures and policies to all users who have access to cardholder data. | Automatic customizable reminders for expiring passwords, redirection to the password requirements document if a user enters a "weak" password during reset. | Password Expiration Notifier; Password Manager | Password Expiration Notifier / Daily report, User notification reports; Password Manager / User Activity on-demand report |
| 8.5.8 Do not use group, shared, or generic accounts and passwords. | Full auditing of account use (find all actions done under a shared account and help eliminate its usage) and delegated access with account checkout/check-in concept. | AD Change Reporter; File Server Change Reporter | AD Change Reporter / All Active Directory Changes by User; File Server Change Reporter / All File Server Changes by User |
| 8.5.9 Change user passwords at least every 90 days. | Audits changes to password policy settings in Active Directory, automatically reminds users about impending password expirations, provides an easy way to change passwords to minimize the number of help desk calls. | Group Policy Change Reporter; Password Expiration Notifier; Password Manager | Group Policy Change Reporter / All Password Policy Changes; Password Expiration Notifier / Daily report; Password Manager / User Activity on-demand report |
| 8.5.10 - 8.5.12 Password complexity requirements (Require a minimum password length of at least seven characters, Use passwords containing both numeric and alphabetic characters, Do not allow an individual to submit a new password that is the same as any of the last four passwords he or she has used). | Audits changes to password policies in Active Directory, implements self-service password reset functionality to help users with forgotten passwords without involvement of help desk personnel. | Group Policy Change Reporter; Password Manager | Group Policy Change Reporter / All Password Policy Changes; Password Manager / User Activity on-demand report |
| 8.5.13 Limit repeated access attempts by locking out the user ID after not more than six attempts. | Complements the built-in AD mechanism with extensive account lockout troubleshooting capabilities to resolve false positives and prevent user frustration and system downtime. Auditing of account unlock and password reset operations to monitor unauthorized access. | Account Lockout Examiner | AD Change Reporter / User Account Modifications |
| 8.5.14 Set the lockout duration to thirty minutes or until administrator enables the user ID. | Auditing of account lockout policy changes to prevent non-compliant policy changes. | Group Policy Change Reporter | Group Policy Change Reporter / Account Lockout Policy Changes |
| 8.5.16 Authenticate all access to any database containing cardholder data. This includes access by applications, administrators, and all other users. | Auditing of changes to database logins and roles, SQL Server security settings. | SQL Server Change Reporter | SQL Server Change Reporter / Login Changes, Roles Changes, Credential Changes, User Changes |
| 10. Track and monitor all access to network resources and cardholder data | | | |
| 10.1 Establish a process for linking all access to system components (especially those done with administrative privileges such as root) to each individual user. | Full-featured auditing and reporting of all administrative activity within Active Directory, Group Policy, file servers, virtualization environments, SQL Server, etc. Detection of who changed what, when, and where. | AD Change Reporter; File Server Change Reporter; Change Reporter for VMware; SQL Server Change Reporter | AD Change Reporter / All Active Directory Changes; Group Policy Change Reporter / All Group Policy Changes; SQL Server Change Reporter / All SQL Server Changes; File Server Change Reporter / All File Server Changes; Change Reporter for VMware / All VMware Changes |
| 10.2 Implement automated audit trails to reconstruct the required events. | Complete audit trail processing capabilities for servers and workstations, both user-initiated and administrative activity. | Event Log Manager; AD Change Reporter; File Server Change Reporter; Change Reporter for VMware; SQL Server Change Reporter | AD Change Reporter / All Active Directory Changes; File Server Change Reporter / All File Server Changes; Change Reporter for VMware / All VMware Changes; SQL Server Change Reporter / All SQL Server Changes; Event Log Manager / All Events by Date |
| 10.3 Record at least the following audit trail entries for all system components for each event: User identification, Type of event, Date and time, Success or failure indication, Origination of event, Identity or name of affected data, system component, or resource. | Full information on every change: who changed what, when, where, in Active Directory, File Server, virtual machines, SQL Servers. | AD Change Reporter; File Server Change Reporter; Change Reporter for VMware; SQL Server Change Reporter | AD Change Reporter / All Active Directory Changes; File Server Change Reporter / All File Server Changes; Change Reporter for VMware / All VMware Changes; SQL Server Change Reporter / All SQL Server Changes |
| 10.5 Secure audit trails so they cannot be altered. | Securable file-based storage with optional SQL Server storage. Full-featured role-based access to all reports. Centralized collection, archiving, and consolidation of event logs to secure file-based storage. | All modules | All reports |
| 10.6 Review logs for all system components at least daily. | Full-featured web-based reporting functionality with predefined reports and ability to create custom reports on any type of collected data. Out-of-the-box reports scheduled daily and sent via e-mail for review. | All modules | All reports |
| 10.7 Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. | Unlimited storage capabilities with efficient storage use to store up to 8 years of past audit trails and history of changes to system components and security settings. Full-featured web-based reporting for immediate access to all required data. | Event Log Manager; AD Change Reporter; File Server Change Reporter; Change Reporter for VMware; SQL Server Change Reporter | All reports |