[PCI DSS 1.x] 2.2 Develop configuration standards for all system components. Assure that these standards

[PCI-DSS] 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.

- 2.2.a Examine the organization’s system configuration standards for all types of system components and verify the system configuration standards are consistent with industry-accepted hardening standards–for example, SysAdmin Audit Network Security (SANS), National Institute of Standards Technology (NIST), and Center for Internet Security (CIS).
- 2.2.b Verify that system configuration standards include each item below (at 2.2.1 - 2.2.4).
- 2.2.c Verify that system configuration standards are applied when new systems are configured.

I am new to PCI DSS and this forum. Please bear with me.

Where can I find a detailed action item for 2.2 compliance? My requirement is for network devices, Windows Servers, and desktops (Windows XP, MACOS). As I understand it, this is the BASELINE CONFIGURATION that we want to achieve.

How about CIS Benchmarks?

Thanks Yuk, I am going through it.

Hello, can someone advise on how to test requirement 2.1.1.d, please?