What criteria cause a Passed or Failed compliance status in my PCI reports?
For ‘Step 1: Questionnaire’, an incomplete self-assessment or a completed self-assessment with one or more non-compliant responses. For ‘Step 2: Scan Hosts’, no completed scans, a completed scan that was blocked (risk level ‘None’) or a completed scan with at least one host scanned that has a risk level of ‘High’ or greater.
The PCI Compliance Service produces reports that include an overall PCI compliance status of Passed or Failed. An overall PCI compliance status of Passed indicates that all hosts in the report passed the PCI DSS compliance standards set by the PCI Council. A host compliance status is provided for each host. A PCI compliance status of Passed for a single host/IP indicates that no vulnerabilities or potential vulnerabilities, as defined by the PCI DSS compliance standards set by the PCI Council, were detected on the host. The criteria used to calculate a passed or failed compliance status can be found at http://www.qualys.