PCI DSS compliance
Vulnerability Scanning has been removed (293156)
Vulnerability scanning can now be done from FortiClient.
PCI DSS Compliance Check Support (270014)
FortiOS 5.4 allows you to run a compliance check either on demand or according to a schedule that automatically checks PCI DSS compliance at the global or VDOM level. The compliance check determines whether the FortiGate is compliant with each PCI DSS requirement and displays an ‘X’ next to the non-compliant entries in the GUI logs.
Go to System > Advanced > Compliance, turn on compliance checking, and configure a daily time to run the compliance check. Alternatively, select Run Now to run the compliance check on demand.
Go to Log & Report > Compliance Events to view compliance checking log messages that show the results of running compliance checks.
How can you tell which policy or specific configuration the compliance check is failing on? For example, I see this in the compliance events: “Check that Spyware / Malicious sites are being blocked by a WF policy”. However, I have Spyware blocked in the WF config and it’s applied to each policy. When looking at the event in the log, it doesn’t specifically point to a policy or configuration; it just simply states it failed that check.