
Mandatory & Timely Risk Assessment & Management process requirements for PCI DSS Standards.

Updated: Oct 6, 2020

Mandatory requirements around scanning & testing that have to be taken care of.

1. Internal VA Scans

For all in-scope systems, e.g. Nessus.


2. External ASV Scan

For the public interfaces of the CDE, e.g. Qualys.


3. Wireless Scan

If AWS or another PCI DSS data centre provider is used, this will not be applicable for the customer; AWS or the other service provider may already be covering this part for the customer under infrastructure/platform as a service.


4. Internal PT

Web & network layer, along with a segmentation test (half-yearly).


5. External PT

Both web & network layer tests are to be executed.


6. Data Discovery Scan on CDE Servers

Scan performed on the CDE to show there is no cardholder data (CHD) on systems other than those defined to store it.


Note:

All the above 4 reports should be in a good state.

· ASV Scan, PT - all High & Medium risks should be remediated. A retesting report is required to prove the same.

· Internal Scan - all High risks to be remediated; a rescan report/results are required post remediation.
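As an added example (not part of the original post), a small Python gate that encodes the remediation thresholds in the note above: ASV scans and penetration tests are accepted only once every High and Medium finding is remediated and confirmed by a retest, and internal VA scans only once every High finding is remediated and confirmed by a rescan. The report type names, the `Finding` fields and the sample findings are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List

# Severities that must be closed before a report is accepted, by report type:
# ASV scans and penetration tests need High and Medium closed, internal VA
# scans need High closed (the thresholds stated in the note above).
BLOCKING_SEVERITIES = {
    "asv": {"high", "medium"},
    "external_pt": {"high", "medium"},
    "internal_pt": {"high", "medium"},
    "internal_va": {"high"},
}

@dataclass
class Finding:
    finding_id: str
    severity: str          # "high", "medium", "low" or "info"
    remediated: bool       # fix applied by the system owner
    retest_verified: bool  # closure confirmed by a rescan / retest report

def blocking_findings(report_type: str, findings: List[Finding]) -> List[str]:
    """Reasons why a report is not yet in a good state (empty list = accepted).

    A finding blocks acceptance when its severity is in scope for the report
    type and it is either not remediated or not yet confirmed by a retest.
    """
    if report_type not in BLOCKING_SEVERITIES:
        raise ValueError(f"unknown report type: {report_type!r}")
    in_scope = BLOCKING_SEVERITIES[report_type]
    reasons = []
    for f in findings:
        sev = f.severity.lower()
        if sev not in in_scope:
            continue
        if not f.remediated:
            reasons.append(f"{f.finding_id} ({sev}) not remediated")
        elif not f.retest_verified:
            reasons.append(f"{f.finding_id} ({sev}) remediated but no retest evidence")
    return reasons

def report_is_good(report_type: str, findings: List[Finding]) -> bool:
    return not blocking_findings(report_type, findings)

# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("F-1", "High", remediated=True, retest_verified=True),
    Finding("F-2", "Medium", remediated=True, retest_verified=False),
    Finding("F-3", "Low", remediated=False, retest_verified=False),
]
```

With the sample findings, `report_is_good("internal_va", SAMPLE)` is true because the only High finding is closed and retested, while `report_is_good("asv", SAMPLE)` is false because the Medium finding still lacks retest evidence.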
