Qualys has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements.


The solution now includes workflows for risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements, pass quarterly scans and maintain continuous PCI compliance. Qualys is an Approved Scanning Vendor (ASV).

Merchants dealing with credit card transactions must comply with PCI DSS to ensure that customers’ sensitive payment card information is protected. For smaller organizations, PCI DSS compliance can be overwhelming, especially with the latest PCI DSS 6.2 changes that became effective June 30, 2012 that require robust internal scanning and reporting.

The new requirements for risk ranking vulnerabilities and passing quarterly internal scans add new process requirements, taking significant effort. QualysGuard PCI, which automates the quarterly scanning requirements for PCI DSS 11.2 for external systems, now includes new workflows for scanning internal systems with customized risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements.

“Implementing PCI DSS controls, passing a PCI assessment, and then maintaining PCI DSS compliance in the face of changes present a critical challenge for all organizations subject to PCI mandates. As the standard itself evolves in parallel with IT and the business environment, the need for actionable guidance on how to deal with such ever-present change can only grow,” said Anton Chuvakin, research director at Gartner.

QualysGuard PCI provides a broad solution that helps customers meet the latest PCI DSS internal requirements, enabling them to:

• Utilize Approved Scanning Vendor (ASV) solution to meet both external and internal scanning to satisfy the requirements for PCI DSS.
• Perform unlimited PCI scanning on both external and internal systems and Web applications.
• Rank vulnerabilities according to the criticality of the assets to manage the overall risk and customize it for each organization.
• Generate PCI specific reports to document both internal quarterly scan compliance and external ASV scan requirements with executive, technical, and risk-rank reporting.

“The QualysGuard PCI Cloud Platform is now used by more than 69 percent of ASVs, 50 percent of QSAs and 2,000 organizations worldwide, and with this new release provides a unified solution to address both internal and external PCI DSS scanning requirements,” said Philippe Courtot, chairman and CEO for Qualys. “Because it is cloud-based, it offers an easy-to use, cost-effective solution helping companies of all sizes continuously meet PCI DSS standards to secure their data and IT assets from cyber attacks.”