PCI 3.0 Rule Testing
- Viktoryia Varapayeva (Deactivated)
NetMRI policies support the Payment Card Industry (PCI) 3.0 standard. The defined policies for PCI, including PCI 3.0, consist of the following:
PCI DSS 1.2 IOS
PCI DSS 2.0 IOS
PCI 3.0 IOS/NX-OS
The PCI 3.0 policies support Cisco IOS and Cisco NX-OS devices. For policy execution, devices must be configured to conform to PCI 3.0 standards. NetMRI can use PCI 3.0 policies to test for the following:
Minimum password length: enforced to be at least 7 characters long.
Password strength: Password should contain numeric and alphabetic characters or password strength validation should be enabled
Disabled Small TCP and Small UDP services
Disabled Finger, BOOTP, and Identd services on Cisco IOS devices
Disabled CDP, HTTP, NTP on Cisco IOS and Cisco Nexus devices
Exec-timeouton console port and on VTY port should be set to 15 minutes or less on IOS and NexusEnable login on console port;
Allow Enable passwords on console port;
Two factor authorization is activated;
Enable Logging timestamp;
Disable MOP on all Ethernet interfaces;
Disable Packet assembler/disassembler (PAD) on X.25 links on IOS.
Disable configuration autoloading for IOS devices;
Disable source routing on IOS and Nexus;
Inbound access class should be set on VTY ports;
SSH only transport should be set on VTY ports for IOS;
AAA authentication should be enabled for VTY ports on IOS;
Secrets should be used for local users on IOS and Nexus;
SNMP v1 and v2c should be disabled on IOS and Nexus.