topic Re: OpenVMS & PCI DSS SEM or SIEM in Operating System - OpenVMS

OpenVMS & PCI DSS SEM or SIEM

Hejib — Tue, 13 May 2008 07:44:08 GMT

Hi, we're being asked to comply to Payment Card Industry Data Security Standard with some of our OpenVMS systems. (Other groups are using RSA's enVision, which doesn't appear to support OpenVMS.)
I suspect someone(!) must have been down this route before - any 3rd party products or tips available?
Thank you.

Re: OpenVMS & PCI DSS SEM or SIEM

Ian Miller. — Tue, 13 May 2008 09:12:17 GMT

On current VMS systems AES encryption is built in - this may help.

Re: OpenVMS & PCI DSS SEM or SIEM

Wim Van den Wyngaert — Tue, 13 May 2008 09:30:42 GMT

Here is a list of vendors of security scanning software. Now find the one that supports VMS ...
https://www.pcisecuritystandards.org/pdfs/asv_report.html

Wim

Re: OpenVMS & PCI DSS SEM or SIEM

patriceiggy — Mon, 23 Jun 2008 14:44:51 GMT

I'm also being asked to comply with PCI on OpenVMS, and the only tool I've found is PointAudit, but you have to build the mapping to the PCI standard as it does not come with a ready-made template. I've also tried to look at the DISA checklist, but I only know Unix so I'm not sure how to properly translate it. I have a PCI template from the Tripwire for Solaris product we run, so I'm trying to reverse engineer that into the correct OpenVMS requirements. Please let me know if you come up with anything better as it's quite time-consuming to try to kludge this stuff together.

Re: OpenVMS & PCI DSS SEM or SIEM

Hoff — Mon, 23 Jun 2008 17:06:50 GMT

Please pick one spot.

You've started your own PCI thread going over in:

http://forums12.itrc.hp.com/service/forums/questionanswer.do?threadId=1243195

which is probably the best spot to continue this discussion of your question, as you have the ability to "manage" that ITRC thread, unlike this one.

Re: OpenVMS & PCI DSS SEM or SIEM

danielprice — Fri, 04 Jul 2008 14:10:47 GMT

I think what Graham is talking about is compliance for the monitoring of audit logs. We are also considering RSA's enVision and are wondering if there is a easy way to import the OpenVMS audit et accounting logs in this or any other SIEM tool.

Re: OpenVMS & PCI DSS SEM or SIEM

Hoff — Fri, 04 Jul 2008 20:00:16 GMT

The audit log file format is documented, as are the messages you receive if you tap directly into the audit server with a listener mailbox.

Unless there's an existing converter, you'll have to write one, or contract with somebody to write one for you.

There are folks around that have written syslog clients, for instance.

(I'm not aware of a commercial offering, but then I also haven't specifically gone looking for one and but can only assume you already have.)

Please do consider starting your own thread for this, rather than "threadjacking" -- while rather similar, this isn't (to my eye) exactly the same question. You can also better control your own thread, and you'll end up with a thread title that better matches your goal.