Pci Network Scan Requirements

In order to qualify for payment card industry data security standards pci dss you must have your internal and external networks scanned with an approved pci dss scanning vendor.

Pci network scan requirements.

11 2 run internal and external network vulnerability scans at least quarterly and after any significant change in the network such as new system component installations changes in network topology firewall rule modifications product upgrades. If scans are unsuccessful rescans are required until a passing scan is achieved. Pci dss requirement 1. Pci requirement 11 2 2 calls for all merchants to run internal and external network vulnerability scans at least quarterly and following changes to their network infrastructure to achieve compliance.

Let s see what a pci compliance scan is made of. For most businesses pci scanning must be conducted by an approved scanning vendor asv at least quarterly as well as following any major change to your environment. The pci dss section that deals with network vulnerability scanning is requirement 11 2. The first requirement of the pci dss is to protect your system with firewalls.

It states that you need to run internal and external network vulnerability scans at least quarterly and after any significant change in the network scans need to be run by qualified internal or external parties. Decemberinformation supplement guidance for pci dss scoping and network segmentation 2016 the intent of this document is to provide supplemental information. Protect your system with firewalls. Properly configured firewalls protect your card data environment.

Pci requires three types of network scanning requirement 11 2 covers scanning. An ongoing requirement of the pci compliance process involves having your payment card environment scanned for security vulnerabilities. All external ips and domains exposed in the cde are required to be scanned by a pci approved scanning vendor asv at least quarterly. An asv is an organization with a set of security services and tools asv scan solution to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of pci dss requirement 11 2 2.

Certified pci asv attestations for your quarterly compliance. Pci dss requires two independent methods of pci scanning. Our server security pci compliance scan meets or exceeds all the requirements for tier 3 and tier 4 pci compliance most small to medium businesses get all around security with the help of our advanced scanning solutions. An external vulnerability scan is performed outside of your network and it identifies known weaknesses in network structures.

Our external network vulnerability scans are certified to meet or exceed all the rigorous requirements of the pci asv scanning standards. A pci compliance scan is a necessary evil that you must take care of. Firewalls restrict incoming and outgoing network traffic through rules and criteria configured by your organization. Information provided here does not replace or supersede requirements in any pci ssc standard.