Control Compliance Suite

 View Only
  • 1.  Is the PCI Template included in the Standards Module? CCS Version 8

    Posted Jul 23, 2010 12:38 AM
    We need to run a report based on PCI compliance. Is the PCI Standard Included, or do we need to buy it?


  • 2.  RE: Is the PCI Template included in the Standards Module? CCS Version 8

    Posted Jul 26, 2010 01:36 PM

    I think version 8 was pre symantec wasn't it? Are you using version 9 or 10?

    In version 9.01 and I believe in 10 there are PCI templates in the standards module



  • 3.  RE: Is the PCI Template included in the Standards Module? CCS Version 8
    Best Answer

    Posted Jul 28, 2010 07:18 PM
    Hello, I am confused by the question itself. What type of report do you have to run, and what is the purpose of the report, such as audit-readiness, or internal evidence for PCI compliance? PCI has been built on 12 requirement blocks, and Control Compliance Suite (CCS) Standards Module can just help on a few of them. I.e. the asset system within CCS is designed to allow you to organize your environment so you can take a risk-based approach to maintain PCI, in particular requirement 6.1. Standards Manager itself will help you with requirement 2.2 (Develop configuration standards for all system components). Standards module contains the PCI DSS 1.2 Standard using CIS best practices, which can be customised to meet your organisations needs. The built in entitlement module can help with PCI requirement 7.
    There are much more requirements in PCI, i.e. 6.2, which is covered by CCS Vulnerability Manager, or requirement 12, which is covered by CCS Policy Manager. Many PCI requirements are not covered by technical controls. They require human attestation, which are usually questionnaire-base. CCS Response Assement Module comes with PCI DSS 1.1 and 1.2 questionnaire templates ready to use but also customisable.
    Regarding the version, CCS 8.6 is still supported and includes PCI DSS 1.2 updates. So you should see the standard in your CCS 8.6 standards module. The benefit of version 10 is the introduction of dynamic dashboarding, which gives you much better visual reporting capabilities, as well as the data evidence integration of third party solutions.
    There is a very good whitepaper which will give you more details about the question which module in CCS covers what PCI requirement. Please download the whitepaper on https://www4.symantec.com/Vrt/offer?a_id=78474.

    Please don"t hesitate to contact me, so we can discuss your PCI requirements in details.



  • 4.  RE: Is the PCI Template included in the Standards Module? CCS Version 8

    Posted Jul 31, 2010 06:49 PM

    Hi,
    Thank you.
    I'll check on the white paper and evaluate upgrading to version 10.