Use Case: Assess Assets with Suspicious Communication
Use Policy Monitor to identify PCI section 10 compliance by tracking, logging, and displaying access to network assets.
JSA Risk Manager can help to identify PCI section 10 compliance by identifying assets in the topology that allow questionable or risky communications. JSA Risk Manager can examine these assets for actual communications or possible communications. Actual communications display assets that used your question criteria to communicate. Possible communications display assets that can use your question criteria to communicate.
PCI section 10 questions can include the following criteria:
Assets that allow incoming questions to internal networks.
Assets that communicate from untrusted locations to trusted locations.
Assets that communicate from a VPN to trusted locations.
Assets that allow unencrypted out-of-policy protocols within a trusted location.
Finding Assets That Allow Communication
You can find assets that allow communication from the Internet.
JSA Risk Manager evaluates the question and displays the results of any internal assets that allow inbound connections from the Internet. Security professionals, administrators, or auditors in your network can approve communications to assets that don't represent risk in your network. As more events are generated, you can create offenses in JSA to monitor this type of risky communication.
- Click the Risks tab.
- On the navigation menu, click Policy Monitor.
- From the Group list, select PCI 10.
- Select the test question Assess any inbound connections from the Internet to anywhere on the internal network.
- Click Submit Question.