PCI 5:: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Requirement 5: Use and regularly update anti-virus software. == | |||
<br> | <br> | ||
* Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all email systems and desktops to protect systems from malicious software. | * Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all email systems and desktops to protect systems from malicious software. | ||
Line 5: | Line 7: | ||
<br> | <br> | ||
::[[Image:Key-control.jpg]][[PCI-5.1:|PCI-5.1 Deploy anti-virus mechanisms on all systems commonly affected by viruses (e.g. PC’s and servers).]]<br> | ::[[Image:Key-control.jpg]][[PCI-5.1:|PCI-5.1 Deploy anti-virus mechanisms on all systems commonly affected by viruses (e.g. PC’s and servers).]]<br> | ||
<br> | |||
::For the sample of (insert number and/or description of sample) system components, verify that anti-virus software is installed.<br> | |||
<br> | <br> | ||
---- | ---- | ||
<br> | <br> | ||
::[[Image:Key-control.jpg]][[PCI-5.2:|PCI-5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs.]]<br> | ::[[Image:Key-control.jpg]][[PCI-5.2:|PCI-5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs.]]<br> | ||
<br> | |||
::To verify that anti-virus software is current as of (insert as-of date), actively running, and capable of generating logs, perform the following:<br> | |||
<br> | |||
::* Obtain and review the policy requiring updates to anti-virus software and definitions. | |||
::* Verify that the master installation of the software is enabled for automatic updates and periodic scans, and that the servers examined at 5.1 above have these features enabled. | |||
::* Verify that log generation is enabled and that the logs are being retained in accordance with the company’s retention policy. | |||
<br> | <br> | ||
--[[User:Mdpeters|Mdpeters]] 10:18, 7 July 2006 (EDT) | --[[User:Mdpeters|Mdpeters]] 10:18, 7 July 2006 (EDT) |
Latest revision as of 18:10, 28 February 2007
Requirement 5: Use and regularly update anti-virus software.
- Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all email systems and desktops to protect systems from malicious software.
- For the sample of (insert number and/or description of sample) system components, verify that anti-virus software is installed.
- For the sample of (insert number and/or description of sample) system components, verify that anti-virus software is installed.
- To verify that anti-virus software is current as of (insert as-of date), actively running, and capable of generating logs, perform the following:
- To verify that anti-virus software is current as of (insert as-of date), actively running, and capable of generating logs, perform the following:
- Obtain and review the policy requiring updates to anti-virus software and definitions.
- Verify that the master installation of the software is enabled for automatic updates and periodic scans, and that the servers examined at 5.1 above have these features enabled.
- Verify that log generation is enabled and that the logs are being retained in accordance with the company’s retention policy.
--Mdpeters 10:18, 7 July 2006 (EDT)