What is the difference between performing a PCI certified quarterly external network scan and compliance with the DSS?
The DSS is a standard that outlines a number of requirements that all merchants and service providers must comply with. A quarterly network PCI scan is one of the actions that must be taken to fulfill Requirement 11 of the DSS. This PCI scan must be conducted by a PCI certified Authorized Scanning Vendor (ASV) and results in a PCI scan report indicating whether an organization’s internet-facing resources are properly secured. If the ASV finds serious vulnerabilities on internet-facing systems, the scan report will state that the organization is not compliant. The organization must then take corrective action and have its network re-scanned until the ASV finds it compliant.