Most organizations that are required to undergo PCI audits struggle to meet three
main challenges: initial assessment, gathering compliance data, and maintaining
a continuous compliance posture. FireMon is a full-featured solution that
addresses each of these by providing the following:
Initial Assessment
FireMon assesses firewall configurations for non-compliant access based on 15 PCI
DSS 1.2 requirements, specifically those under requirements 1 and 2. At a high level, these
requirements mandate that organizations "Build and maintain a secure network." At
a more detailed level, the requirements describe the access that should or should
not be permitted between networks.
FireMon PCI Assessment analyzes firewall configurations for those rules that control
traffic between network zones. Using your organization’s unique access requirements,
you can customize the assessment with the services that should be explicitly allowed.
Based on your settings, FireMon determines if the configuration fails or passes
each standard, provides details of access violations, and offers suggestions
on how to remediate the violation or how to maintain compliance.
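The zone-based check described above, as an added illustration that is not FireMon's code: a constructed zone-pair policy lists the services explicitly allowed between zones, and each allow rule that permits anything else produces a finding with the offending services and a remediation suggestion. Zone names, the policy format and the sample rule base are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed zone-pair policy (an assumed format, not FireMon's): the services
# explicitly allowed for each (source zone, destination zone) pair. Zone names are
# hypothetical; "cde" is the cardholder data environment, which PCI DSS requirement 1
# says must not be directly reachable from untrusted networks.
ALLOWED_SERVICES = {
    ("internet", "dmz"): {"tcp/443"},
    ("dmz", "cde"): {"tcp/1433"},
    ("internet", "cde"): set(),   # no direct Internet-to-CDE access
    ("cde", "internet"): set(),   # no direct CDE-to-Internet access
}

@dataclass
class Rule:
    rule_id: str
    src_zone: str
    dst_zone: str
    services: list         # "proto/port" entries, or "any"
    action: str = "allow"

def assess(rules, policy=ALLOWED_SERVICES):
    """Return one finding dict per allow rule permitting a service its zone pair does not."""
    findings = []
    for r in rules:
        pair = (r.src_zone, r.dst_zone)
        if r.action != "allow" or pair not in policy:
            continue  # deny rules and zone pairs outside the assessment are skipped
        allowed = policy[pair]
        offending = ["any"] if "any" in r.services else sorted(
            s for s in r.services if s not in allowed)
        if not offending:
            continue
        if allowed:
            fix = f"limit rule {r.rule_id} to {sorted(allowed)} for {pair[0]}->{pair[1]}"
        else:
            fix = f"remove rule {r.rule_id}: no access is permitted for {pair[0]}->{pair[1]}"
        findings.append({"rule": r.rule_id, "zone_pair": pair,
                         "offending": offending, "remediation": fix})
    return findings

# Constructed sample rule base, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("r1", "internet", "dmz", ["tcp/443"]),
    Rule("r2", "internet", "dmz", ["tcp/443", "tcp/22"]),      # extra service
    Rule("r3", "internet", "cde", ["any"]),                    # direct CDE access
    Rule("r4", "dmz", "cde", ["tcp/1433"]),
    Rule("r5", "cde", "internet", ["tcp/80"], action="deny"),  # deny, not a violation
    Rule("r6", "dmz", "internal", ["any"]),                    # zone pair out of scope
]
```

An empty result from `assess()` means the rule base passes the policy; any findings are the access violations to document or remediate.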
Meaningful and Actionable Compliance Data
One critical aspect of compliance is an organization’s documentation or justification
of the firewall rule base. FireMon’s Rule Documentation feature is both an interface and repository for
ongoing justification that enables you to provide documentation with less effort
in less time.
Instead of vendor-supplied comment fields that are too small, or spreadsheets that
grow unmanageable, you can justify the rule within the visual context of the rule
base. Define the critical metadata about the rule, including business justification,
business owner, and expiration date. This metadata is immediately, automatically
and permanently associated with the rule, so even if the rule changes, the relationship
with its justification remains intact. And you can display and disseminate rule documentation
as stand-alone reports or as supporting detail in other reports.
Continuous PCI Compliance Posture
Even after the initial PCI assessment and documentation, firewall access will continue
to change. With automated PCI assessments and documentation of change, you can ensure
that access changes don’t render the firewall non-compliant.
A regularly recurring PCI assessment tests firewall configurations at scheduled
intervals. As with other reports, FireMon can email the report in HTML or PDF format.
As changes are implemented, FireMon creates a running list of modifications called
the Audit Log. The Audit Log is also an interface and repository for metadata that
explains, justifies and helps you track a change. You can enter metadata about
the change, including requestor, approver, or change control number. This list of
modifications and supporting documentation creates the history of a rule, which you
can view at any time by running a Rule History Report.