Active Directory

What you need to audit in your Active Directory to meet PCI Compliance

What you need to audit in your Active Directory to meet PCI Compliance

PCI compliance governs all technical and functional aspects of systems that process cardholder data. If your enterprise falls into this category, it must comply with PCI regulations. PCI benefits businesses in numerous ways; including bolstering reputation, customer trust and business continuity. In this article, I will go over some of the important things you will need to audit in order for you to meet PCI compliance. You can either use pre-defined PowerShell Scripts, available online from trusted sources, or use a third-party solution to generate the required reports.

1. Track audit policy and group policy modifications

Admins should ensure that only authorized persons have access to cardholder data. They can ensure this by configuring proper audit policies and group policies. Admins must also make sure to track every change made to these audit policies and group policies. The PCI auditors want to see clearly in reports when an audit policy is changed, by whom and from which system.

2. User expiry notifications

Let’s say a privileged user has been created to do a specific task with PCI data for a limited period. Admins must monitor the actions of such users and track when these accounts are going to expire. The reports should provide information on user expiry so that admins are aware if any privileged user has unofficially extended their stint at the organization.

3. Workstation restrictions modification

Not everybody in the company can have the same levels of access. Workstation restriction ensures that only members of a privileged group have access to systems that store PCI data. An administrator can generate a Workstation Restriction Modification report, which will help raise awareness of any users in privileged groups who have access to sensitive data they shouldn’t have.

4. Audit Group membership modifications

Administrators should track all privileged accesses to files and databases. They can ensure this by tracking group membership changes, user creations, new privilege grants and restricting usage of shared privileged accounts. The system should also inform security professionals in real-time through alerts based on log events.

5. Audit computer creation, deletion and modification

Track all events related to computer creation, deletion and modification. Audit information on all recently created, deleted and modified computers should be available with all relevant details.

6. Audit policy changes

Tracking audit policy changes enables you to record every incidence of a change to user rights assignment policies, audit policies or trust policies. If you define this policy, the Administrator can decide whether to audit successes, failures or not to audit the event type at all. Use the Event Viewer to monitor all events of this category in the systems that store PCI data. If IT managers find any unwanted changes, they can investigate further to find the cause.

7. Audit trust policy modification

Essentially, auditors want you to be able to demonstrate that you have the capability to track changes in domain trusts, so that you can block unrestricted access to a domain from other domains.

8. Track user status changes

Whenever a user with access to PCI data is enabled, disabled, locked or unlocked, it must be logged and alerted on in real-time. Relevant reports can also be generated and sent to the required administrators the instant any of these changes occur.

Conclusion

After you have enabled auditing for the above objects, you must test the efficacy of the measures to ensure that they are fully effective. You should run the tests under different conditions, and if any unwanted event occurs, the admin should immediately know about the events through real-time alerts. As mentioned earlier in the article, you can simplify PCI auditing through third-party solutions. If you want more information about the benefits of such solutions, feel free to ask me in the comment section.

So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!

Recommended content

RODC Installation Guide- Step by step guide to install read only domain controller

RODC Filtered Attribute Set

Installing and configuring a RODC in Windows Server-2012

How to find the GUID of Domain Controller

Group Policy Understanding Group Policy Preferences

Group Policy Verification Tool GPOTool Exe

Group Policy Health Check on Specific Domain Controller

What is Netlogon Folder in Active Directory

How to Create Custom Attributes in Active Directory

How Can I Check the Tombstone Lifetime of My Active Directory Forest

How to Determine a Computers AD Site From the Command Line

How to Check the Active Directory Database Integrity

How to Check the Active Directory Database Integrity

Disabling and Enabling the Outbound Replication

DFS Replication Service Stopped Replication

What is Strict Replication Consistency

The replication operation failed because of a schema mismatch between the servers involved

Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers

How to export replication information in txt file

Repadmin Replsummary

Enabling the outbound replication

Guys please don’t forget to like and share the post. You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno

Leave a Reply

Back to top button