Effective June 30, 2012, PCI will require evidence of quarterly internal vulnerability scans and both internal and external vulnerability scans after any significant network changes.
The new updates also require the assignment of risk rankings to all vulnerabilities discovered during vulnerability scans, and evidence that all ‘high’ risk vulnerabilities discovered during scans are resolved.
“The updated PCI vulnerability reporting requirements are a positive step for consumer credit card data security, and they will also dramatically improve network security for small and medium sized businesses,” said Brent Torre, cloud product manager for nCircle.
The following nCircle PureCloud features make it easy for users to comply with the new PCI requirements:
- PureCloud subscriptions support an unlimited number of scans for one low annual price, making it easy and cost effective for organizations to scan and re-scan internal or external networks after any major change.
- PureCloud can be configured to scan automatically on user-selected schedules. Every scan produces a detailed report that can be used in audits to provide evidence that quarterly vulnerability scan controls are in place.
- PureCloud reports include vulnerability rankings that combine CVSS scores with other factors, such as exploit availability and vulnerability age. The resulting vulnerability ranking provides a comprehensive low, medium or high rating and remediation plan for all vulnerabilities discovered.
- PureCloud reports meet all existing and new PCI DSS requirements and can be used in PCI audits to provide evidence of security controls in PCI audits as well as document the results of every vulnerability scan.