PCI Compliance Workflow

The Payment Card Industry (PCI) Compliance module helps merchants and their consultants evaluate the security of credit card payment systems that process, transmit and store cardholder data, and achieve compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). When this module is enabled in your account, follow the steps below to meet the PCI DSS requirements.

Note: The PCI Compliance module may not be enabled in your account. Please contact support if you are interested in using this feature.

Step 1: Perform a PCI Scan

Perform a vulnerability scan using the option profile titled "Payment Card Industry Options". This system-provided option profile includes configuration settings that are optimized to test compliance with the PCI Data Security Standard requirements. The scan analyzes target hosts to identify open vulnerabilities that must be fixed for PCI compliance. PCI scan results are automatically saved on your scan history list for 2 years and cannot be deleted during this time.

Step 2: Remediation Workflow

Run the PCI Technical Report for a completed PCI scan to view the vulnerabilities detected by the scan and your compliance status. By reviewing the technical data in this report, you can quickly eliminate vulnerabilities that prevent you from meeting PCI compliance requirements. A compliance status of PASS for a single host/IP indicates that no vulnerabilities or potential vulnerabilities, as defined by the PCI DSS compliance standards, were detected on the host.

You can run this report from the report history list (when Report Share is enabled) or from the report templates list (when Report Share is not enabled).

Step 3: Verification Scan

After remediation, run another PCI scan on the same target hosts. The PCI scan analyzes the target hosts for vulnerabilities again and validates that previously detected vulnerabilities have been fixed. You may need to repeat Steps 1 through 3 until all previously detected vulnerabilities are verified as fixed.

Step 4: Share Scan with PCI

Select the Share Scan with PCI option to share a completed PCI scan with your PCI Merchant account. Then log in to your PCI account, generate a PCI network report and complete the required actions for PCI certification: 1) submit the report to your ASV for approval, and 2) once approved, submit the report to your acquiring banks. You can share any completed PCI scan on your scan history list with the PCI Merchant accounts that you have linked to.