November 14, 2017 | IBM i

PCI DSS Tips: How IBM i Can Answer PCI DSS Requirements for Anti-Virus Software

Per the Payment Card Industry (PCI) Data Security Standard (DSS), any organization that stores, processes, or transmits cardholder data must meet the 12 requirements of the PCI DSS standard.

 

If, for example, one of your IBM i partitions services a Web site that takes cardholder data and processes it, stores it, or transmits it to a bank, that partition falls within the scope of PCI DSS and must meet each of the standard’s requirements. PCI compliance is also required if your credit card processing is on a different machine that’s on the same network and subnet as your IBM i partition. Lack of compliance with PCI DSS can result in legal penalties and fines.

 

Today let’s look at requirement 5 of the PCI DSS standard (Maintain a Vulnerability Management Program), which covers the standard’s requirement for anti-virus software, and review how requirement 5 relates to an IBM i system. For more information on requirement 5 and the entire PCI DSS standard, check out the PCI Security Standards Council’s PCI DSS Quick Reference Guide.

What the PCI DSS standard says about anti-virus software

PCI DSS requirement 5 is very clear about using anti-virus software on hardware systems that are in scope for the standard. It says:

 

“Anti-virus software must be used on all systems affected by malware to protect systems from current and evolving malicious software threats.”

 

To comply with PCI DSS requirement 5, your partition has to meet these two requirements:

 

Requirement 5.1: Deploy anti-virus software on all systems affected by malicious software (particularly personal computers and servers).

 

Requirement 5.2: Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs.

What to look for in IBM i anti-virus software

For an IBM i partition, achieving PCI DSS requirement 5 compliance means running anti-virus software against the partition’s IBM i Integrated File System (IFS). IBM i anti-virus software is also a good idea even if you’re not covered under PCI DSS, because there are several ways viruses and malware can affect your IBM i systems. Several third-party vendors offer IBM i anti-virus solutions that are PCI DSS compliant, including SEA’s iSecurity Anti-Virus.

 

Some of the more critical features to look for in IBM i anti-virus software include:

  • Virus, malware, and ransomware detection
  • Continuously updated virus signatures that don’t require a subscription charge to obtain upgrades
  • Logging of anti-virus software activity in activity log files that can be audited when a breach occurs
  • Automatic scanning when files are written to or updated on your IBM i partition
  • The ability to quarantine, delete, or mark infected files
  • Real-time alert messaging when virus, malware, or ransomware infection is detected
  • Scanning for malicious code
  • Scanning of e-mail attachments when an IBM i is used as an e-mail server, including IBM Domino e-mail
  • Support for running under the IBM Portable Application Solutions Environment for i (PASE), where your anti-virus software can run as an AIX application under the IBM i operating system. Running virus checking under PASE can be significantly faster than running it under the IBM i operating system.

It’s also important to run IBM i-based anti-virus software rather than using an anti-virus package on a Windows or Linux server that scans your IFS folders through a mapped drive. Non-IBM i packages may not be able to reach all of your IFS data. IBM i anti-virus packages run natively under your IBM i operating system, so they can scan all of your IFS folders and perform other native functions that an off-site server may not be able to handle.

Backup: added protection against ransomware

Another overlooked component of IBM i anti-virus checking is frequent backups to support ransomware protection. If a Windows machine maps one of its folders to an IFS drive and that drive gets hit by ransomware, IFS files can become encrypted and their file names can be changed so that you can’t even tell whether the encrypted file is a PDF, a spreadsheet, or a Word document. When ransomware hits, you have two choices: you can pay the hacker to unlock your files or you can restore your files from an earlier backup. Frequent IFS backups protect you in the event a new ransomware virus slips past your anti-virus protection and you need to restore corrupted IFS files.

 

IBM i partitions need anti-virus protection both for safety and to remain in compliance with standards such as PCI DSS. Please feel free to contact us at SEA software for more information on how to guard your IBM i data against viruses.