The solution now includes workflows for risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements, pass quarterly scans and maintain continuous PCI compliance. Qualys is an Approved Scanning Vendor (ASV).
Merchants dealing with credit card transactions must comply with PCI DSS to ensure that customers’ sensitive payment card information is protected. For smaller organizations, PCI DSS compliance can be overwhelming, especially with the latest PCI DSS 6.2 changes, which became effective June 30, 2012 and require robust internal scanning and reporting.
The new requirements for risk ranking vulnerabilities and passing quarterly internal scans add new process requirements that take significant effort. QualysGuard PCI, which automates the quarterly scanning requirements for PCI DSS 11.2 for external systems, now includes new workflows for scanning internal systems with customized risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements.
“Implementing PCI DSS controls, passing a PCI assessment, and then maintaining PCI DSS compliance in the face of changes present a critical challenge for all organizations subject to PCI mandates. As the standard itself evolves in parallel with IT and the business environment, the need for actionable guidance on how to deal with such ever-present change can only grow,” said Anton Chuvakin, research director at Gartner.
QualysGuard PCI provides a broad solution that helps customers meet the latest PCI DSS internal requirements, enabling them to:
- Utilize an Approved Scanning Vendor (ASV) solution for both external and internal scanning to satisfy the requirements for PCI DSS.
- Perform unlimited PCI scanning on both external and internal systems and Web applications.
- Rank vulnerabilities according to the criticality of the assets to manage the overall risk, and customize the ranking for each organization.
- Generate PCI-specific reports to document both internal quarterly scan compliance and external ASV scan requirements with executive, technical, and risk-rank reporting.