
Mandatory & Timely Risk Assessment & Management Process Requirements for PCI DSS

Updated: Oct 6, 2020

Mandatory scan and testing requirements that have to be taken care of (PCI DSS v3.2.1 Requirement 11, "Regularly test security systems and processes", current at the time of writing):

1. Internal vulnerability (VA) scans

For all in-scope systems, at least quarterly and after any significant change (Requirement 11.2.1). Authenticated scans with a tool such as Nessus are typical.


2. External ASV scans

For the public-facing interfaces of the CDE, at least quarterly, run by a PCI SSC Approved Scanning Vendor (Requirement 11.2.2), e.g. Qualys. Only the ASV's attested scan counts here; running the same vendor's scanner yourself does not satisfy the requirement.


3. Wireless scan

Quarterly detection of authorised and unauthorised wireless access points (Requirement 11.1). If the CDE is hosted on AWS or another PCI DSS compliant data-centre provider, the provider covers this for its own facilities under the IaaS/PaaS shared-responsibility model; confirm it in the provider's Attestation of Compliance and responsibility matrix. The customer remains responsible for any of its own in-scope premises (offices, call centres, server rooms).


4. Internal penetration test

Web application and network layer tests, at least annually and after significant changes (Requirement 11.3), together with segmentation testing of the controls that isolate the CDE. Segmentation testing is annual for merchants and half-yearly for service providers (Requirement 11.3.4.1), and is repeated after any change to the segmentation controls.


5. External penetration test

Both web application and network layer tests are to be executed against the internet-facing CDE perimeter, at least annually and after significant changes (Requirement 11.3).


6. Data discovery scan on CDE servers

A scan performed across in-scope (and adjacent) systems to show that cardholder data (CHD) exists only on the systems defined to store it, and has not leaked into logs, exports, backups or other systems. PCI DSS does not prescribe a tool for this, but it is the evidence that supports the annual confirmation of scope.
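As an added example (not part of the original post, and not any particular vendor's tool), the core of a data discovery scan is small: find digit runs that could be a PAN, discard the ones that fail the Luhn check or carry no known issuer prefix, and report the rest masked with their location so they can be triaged against the defined CHD stores. The file paths and contents below are constructed sample input; the card numbers are the public test numbers published by the payment networks, not real cardholder data.

```python
"""Minimal cardholder-data (PAN) discovery scan over text content.

Added example, not code from the original post. It scans constructed sample
files (embedded below) for candidate card numbers, keeps only those that pass
the Luhn check and carry a known brand prefix, and reports masked hits with
their location so the finding can be triaged against the defined CHD stores.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# 13-19 digits, optionally separated by single spaces or hyphens, and not glued
# to other digits (so a 20-digit order ID is not split into a 16-digit "PAN").
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


class Finding(NamedTuple):
    path: str
    line_no: int
    brand: str
    masked_pan: str


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check-digit validation (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand_of(digits: str) -> Optional[str]:
    """Map a digit string to a brand by public IIN prefix and length.

    Not exhaustive: only the well-known prefixes of the major brands.
    """
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "visa"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "mastercard"
    if n == 15 and digits[:2] in ("34", "37"):
        return "amex"
    if n == 16 and (digits.startswith("6011") or digits[:2] == "65"):
        return "discover"
    return None


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits (PCI DSS display masking)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_text(path: str, text: str) -> List[Finding]:
    """Return masked findings for every probable PAN in the given text."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            brand = brand_of(digits)
            if brand is None or not luhn_valid(digits):
                continue        # order IDs, timestamps and mistyped numbers fall out here
            findings.append(Finding(path, line_no, brand, mask_pan(digits)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> content; a real run would walk the filesystem."""
    out: List[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample inputs. The card numbers are published network test
# numbers, not real cardholder data; the order ID is a 16-digit decoy.
SAMPLE_FILES = {
    "/var/log/app/payment.log": (
        "2020-10-06T10:00:01Z INFO order=1234567890123456 status=authorised\n"
        "2020-10-06T10:00:02Z DEBUG raw request: pan=4111 1111 1111 1111 exp=12/24\n"
        "2020-10-06T10:00:03Z DEBUG raw request: pan=4111111111111112 exp=12/24\n"
    ),
    "/home/ops/export.csv": (
        "name,card\n"
        "A. Customer,378282246310005\n"
        "B. Customer,5555-5555-5555-4444\n"
    ),
    "/etc/hosts": "127.0.0.1 localhost\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} {f.brand} {f.masked_pan}")
```

On the sample input this flags the debug log line and both rows of the export while ignoring the order ID (fails both the prefix and Luhn checks) and the mistyped PAN ending in 2 (fails Luhn). Two caveats a practitioner should keep in mind: network test numbers are Luhn-valid and will be flagged, which is correct for discovery but needs triage; and a scanner like this only sees plaintext, so encoded, compressed or encrypted stores (database files, archives, memory dumps) need to be expanded or queried separately before being scanned.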


Note:

All six of the above reports should be in a clean, passing state:

· ASV scan and penetration tests: all high- and medium-risk findings remediated (an ASV scan fails on anything scored CVSS 4.0 or higher; exploitable findings from a penetration test must be corrected and retested), with a retest report to prove it.

· Internal scan: all high-risk findings remediated, with the rescan report/results from after remediation.
