To comply with the PCI Data Security Standard, external vulnerability scans must be run on a quarterly basis against all of your Internet-facing networks and systems that are in scope for PCI compliance.
A few things to consider...
Be sure that there are IP addresses in your account for scanning IPs, and DNS hosts in your account for scanning by DNS. See: Manage Your IP Assets | Manage Your DNS Hosts
We recommend you run a discovery scan (go to Network > Discovery) in order to find IPs that are active and connected to the Internet. Then add the discovered IPs to your account.
Depending on your network, it may be necessary to add the service's scanner IPs to your list of trusted IPs, so the service can send probes to your in-scope system components.
I'm ready to start my scan. What are the steps?
It's simple to start your scan. Go to Network > New Scan, and tell us: 1) what to call your scan, 2) the bandwidth setting you want to use, and 3) which assets to scan. You can scan IP assets or DNS assets in your account.
Should I scan all IPs in my account?
If this is your first scan, you may want to scan a small number of IPs at a time to help you with the remediation process. To meet PCI compliance requirements, all of the IPs in your account must be scanned and there can be no detected PCI vulnerabilities on any of these IPs.
Tell me about the Bandwidth setting
Each bandwidth represents multiple settings that affect overall scan performance. It's recommended that you select Medium to get started.
Tell me about Scheduling my Scan
By selecting Schedule for Later you tell the service to launch the scan at a later time, on a certain date and time, and you can choose to repeat the scan every N days. The scheduling feature allows you to obtain fresh scan results on a regular basis, and this ensures you have up-to-date security information in your account.
I started my scan. What's next?
Check out your scan results
You'll know the scan is done when the scan status shows "Finished". You'll also receive a Scan Summary email notification. At this time you can download the Scan Results report and view the vulnerabilities detected.
Fix vulnerabilities and rescan
Go to Network > Vulnerabilities to see all vulnerabilities for all hosts. You'll see