Customize PCI Risk Ranking

According to PCI DSS requirement 6.1, merchants are required to fix all High ranking vulnerabilities according to a risk ranking scale. This scale can be customized using the PCI scan report template.

1) Select a PCI report template

Go to VM/VMDR > Reports > Templates to view the report templates in your account. To create a new PCI scan template select New > PCI Scan Template. To edit an existing one hover over the template and select Edit from the Quick Actions menu.

2) Configure your PCI report template

Using the template wizard go to the PCI Risk Ranking section and define a risk ranking scale by modifying the CVSS base score ranges for High, Medium and Low ranking vulnerabilities.

What are the PCI risk ratings? Our service uses the PCI risk rankings High, Medium and Low. By default these are set to the same CVSS scores as required for ASV external scans. By customizing the risk ranking scale within the PCI scan report template, you have the ability to create different reports on different sub-nets using a different risk ranking scale for each.

3) Launch your report

Go to VM/VMDR > Reports > Templates, hover over the PCI report template you've customized, and select Run from the Quick Actions menu.