Documentation Center
AlienVault® USM Appliance™

PCI DSS 3.2 Requirement 8: Identify and Authenticate Access to System Components

Applies to Product: USM Appliance™ AlienVault OSSIM®

Testing Procedure

How USM Appliance Delivers

USM Appliance Instructions

USM Appliance Documentation

8.1.6.a For a sample of system components, inspect system configuration settings to verify that authentication parameters are set to require that user accounts be locked out after not more than six invalid logon attempts.

In USM Appliance you can view bruteforce logon events to see if they trigger an account lockout, or view account lockout events to see how many times they failed to log on.

USM Appliance will generate bruteforce authentication alarms.

Observe USM Appliance bruteforce authentication alarms for notification of login attempts that exceed lockout limitations.

Reviewing Alarms as a List

8.1.7 For a sample of system components, inspect system configuration settings to verify that password parameters are set to require that once a user account is locked out, it remains locked for a minimum of 30 minutes or until a system administrator resets the account.

In USM Appliance you can view bruteforce logon events to see if they trigger an account lockout, or view account lockout events to see how many times they failed to log on.

USM Appliance detects account lockouts and provides visibility into the next subsequent login to verify that minimum lockout duration is satisfied.

Security Events View

8.5.a For a sample of system components, examine user ID lists to verify the following:
• Generic user IDs are disabled or removed.
• Shared user IDs for system administration activities and other critical functions do not exist.
• Shared and generic user IDs are not used to administer any system components.

Configure Vulnerability Scans in USM Appliance to test security parameters for Linux and Windows servers.

Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option.  Then enable the appropriate checks in scanning profile for target host.

Creating a Custom Scan Profile

Run a Vulnerability Scan using the custom scan profile that was created.

Performing Vulnerability Scans

Export successful scan results and identify findings to determine if system is configured correctly.

Viewing the Scan Results