You run the PCI Executive Report to see your overall PCI compliance status and the PCI compliance status for each scanned host (you choose a PCI scan at run time).
No. Starting September 1st, 2010, this report can no longer be used to demonstrate compliance with the PCI Data Security Standard. Please use the Share with PCI feature to share a PCI scan with your PCI Merchant account in order to generate a PCI network report and complete the required actions for PCI certification.
Go to VM/VMDR > Reports > Templates. Find the Payment Card Industry (PCI) Executive Report template and select Run from the Quick Actions menu.
Why don't I see this template?
It's available only when the PCI compliance feature is enabled for your subscription.
The PCI Executive Report does not include the list of vulnerabilities detected on each host. To see that level of detail, please run the PCI Technical Report.
The overall compliance status is PASS when all hosts in the report passed the PCI compliance requirements. The status is FAIL when at least one host in the report failed the PCI compliance requirements.
The host's security risk rating is equal to the highest severity level detected on the host. This is used when determining whether the host passed or failed.
The vulnerabilities with the FAIL status must be remediated to pass the PCI compliance requirements. The vulnerabilities that do not show a PCI status are not in scope for PCI, but we do recommend that you fix them in order of severity.
We use the PCI severity level and other criteria, as defined by the PCI Security Standards Council, to determine whether a detected vulnerability passes or fails the PCI compliance requirements. Please note that the PCI severity level, based on CVSS score, is not the only criterion used to calculate a vulnerability's pass/fail status. A vulnerability may pass or fail PCI compliance based on the type of exploit. For example, a denial of service vulnerability will pass PCI compliance regardless of its CVSS score.
Tell me about the PCI severity level
The PCI severity level appears as: HIGH, MEDIUM or LOW. This severity is calculated based on the CVSS version 2.0 score assigned to the vulnerability.
| CVSS v2 Score | Severity | Compliance |
|---|---|---|
| 7.0 through 10.0 | High | Fail |
| 4.0 through 6.9 | Medium | Fail |
| 0.0 through 3.9 | Low | Pass |
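The rules stated on this page, applied to a small set of findings, as an added example (not the service's own code). It implements only the CVSS v2 bands, the denial of service exception and the all-hosts-must-pass roll-up; the other criteria the service uses are not modelled, and the `Finding` fields, the `is_dos` flag and the rule that one FAIL finding fails its host are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Bands from the table above: (lowest CVSS v2 score, PCI severity, compliance)
BANDS = [(7.0, "HIGH", "FAIL"), (4.0, "MEDIUM", "FAIL"), (0.0, "LOW", "PASS")]

@dataclass
class Finding:
    host: str
    title: str
    cvss_v2: Optional[float]  # None models a finding with no PCI status (out of scope)
    is_dos: bool = False      # assumed flag marking a denial-of-service finding

def classify(f):
    """Return (severity, status); (None, None) when the finding is out of PCI scope."""
    if f.cvss_v2 is None:
        return None, None
    if not 0.0 <= f.cvss_v2 <= 10.0:
        raise ValueError(f"CVSS v2 score out of range: {f.cvss_v2}")
    severity, status = next((s, c) for low, s, c in BANDS if f.cvss_v2 >= low)
    if f.is_dos:
        status = "PASS"  # denial of service passes regardless of its score
    return severity, status

def rollup(findings):
    """Return (overall status, {host: {"status": ..., "remediate": [...]}})."""
    hosts = {}
    for f in findings:
        entry = hosts.setdefault(f.host, {"status": "PASS", "remediate": []})
        _, status = classify(f)
        if status == "FAIL":  # assumption: one FAIL finding fails the host
            entry["status"] = "FAIL"
            entry["remediate"].append(f.title)
    overall = "FAIL" if any(h["status"] == "FAIL" for h in hosts.values()) else "PASS"
    return overall, hosts

# Constructed sample findings (documentation addresses, invented titles)
SAMPLE = [
    Finding("192.0.2.10", "constructed: remote code execution", 9.3),
    Finding("192.0.2.10", "constructed: information disclosure", 2.6),
    Finding("192.0.2.20", "constructed: service crash", 7.8, is_dos=True),
    Finding("192.0.2.20", "constructed: item without PCI status", None),
]

if __name__ == "__main__":
    overall, hosts = rollup(SAMPLE)
    print("Overall:", overall)
    for host, entry in hosts.items():
        print(host, entry["status"], entry["remediate"])
```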
Tell me about the reasons
The service lists reasons for passing or failing PCI compliance to help you understand the PCI compliance status. Note that the service is compliant with the requirements in the PCI ASV Program Guide. Reasons are listed when the CVSS scoring feature is turned on for your subscription. Go to VM/VMDR > Reports > Setup > CVSS to turn on this feature.
Go to File > Download from within the report to download and save your report as a PDF document. We will automatically expand individual host details before saving your report.