I have a customer at an airport. For security I cannot disclose more.
They need to get a good PCI compliance solution setup. In addition to that, they have listed some requirements and asked some good questions.
Question 1 - Can spiceworks be used or intergrated as part of the PCI compliance auditing? What about JUST using Spiceworks for this?
Requirements:
Low cost (under $20k).
Needs to monitor critical files for changes and integrity (some form of auditing).
Needs to ensure that device configs (firewalls switches etc) and servers do not get changed or actively notify when a change occurs.
Keep logs for 3 months.
------------------------------------------------------------------------------------------------------------
They have looked at several options and most are around $20k.
I have considered recommending Tenable to them, but I don't know enough about it.
What will best meet our goals? PLEASE ONLY THOSE WHO HAVE IMPLEMENTED PCI COMPLIANCE BEFORE!!!!