/
PCI 3.0 Rule Testing
Document toolboxDocument toolbox

PCI 3.0 Rule Testing

Owned by Panna .
Nov 22, 2022
1 min read

NetMRI policies support the Payment Card Industry (PCI) 3.0 standard. The defined policies for PCI, including PCI 3.0, consist of the following:

  • PCI DSS 1.2 IOS

  • PCI DSS 2.0 IOS

  • PCI 3.0 IOS/NX-OS

The PCI 3.0 policies support Cisco IOS and Cisco NX-OS devices. For policy execution, devices must be configured to conform to PCI 3.0 standards. NetMRI can use PCI 3.0 policies to test for the following:

  • Minimum password length: enforced to be at least 7 characters long.

  • Password strength: Password should contain numeric and alphabetic characters or password strength validation should be enabled

  • Disabled Small TCP and Small UDP services

  • Disabled Finger, BOOTP, and Identd services on Cisco IOS devices

  • Disabled CDP, HTTP, NTP on Cisco IOS and Cisco Nexus devices

  • Exec-timeout on console port and on VTY port should be set to 15 minutes or less on IOS and Nexus

  • Enable login on console port;

  • Allow Enable passwords on console port;

  • Two factor authorization is activated;

  • Enable Logging timestamp;

  • Disable MOP on all Ethernet interfaces;

  • Disable Packet assembler/disassembler (PAD) on X.25 links on IOS.

  • Disable configuration autoloading for IOS devices;

  • Disable source routing on IOS and Nexus;

  • Inbound access class should be set on VTY ports;

  • SSH only transport should be set on VTY ports for IOS;

  • AAA authentication should be enabled for VTY ports on IOS;

  • Secrets should be used for local users on IOS and Nexus;

  • SNMP v1 and v2c should be disabled on IOS and Nexus.