Is the Network Security Scan only applicable to e-commerce entities?
No. The System Perimeter Scan is applicable to all merchants and service providers with external-facing IP addresses. Even if an entity does not offer Web-based transactions, there are other services that make systems Internet accessible. Basic functions such as e-mail and employee Internet access will result in the Internet-accessibility of a companys network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled.
No. The network security scan is applicable to all merchants and service providers with Web addresses that can be accessed from outside the company walls. Even if an entity does not offer Web-based transactions, there are other services that make systems Internet accessible. Even email or employee Internet access makes your network vulnerable. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled. Merchants and service providers without any external-facing Internet provider web addresses are only required to complete the Report On Compliance (ROC) or the Compliance Questionnaire, as appropriate.
