How Do I Perform a PCI DSS Scan?

4 votes, average: 4.00 out of 54 votes, average: 4.00 out of 54 votes, average: 4.00 out of 54 votes, average: 4.00 out of 54 votes, average: 4.00 out of 5 (4 votes, average: 4.00 out of 5, rated)
Loading...

One of the most important requirements for the Payment Card Industry Data Security Standards (PCI DSS) is internal and external site scanning. The PCI DSS scan is the portion of compliance that many companies struggle with owing to the opacity of the requirement. Specifically, how does one perform a PCI DSS compliance scan?

This article is going to explain the easiest, most cost-effective way to perform those scans — using Sectigo’s HackerGuardian scanner. Sectigo, formerly Comodo CA, is a PCI approved scanning vendor who meets all of the approved vendor scan requirements with its HackerGuardian PCI scanner tool.

How to Perform a PCI DSS Scan

As you’ll see, the steps are surprisingly simple given the fact HackerGuardian handles everything for you and even produces ready-to-submit reports. There’s something to be said for automation! Here’s how to perform a PCI scan using Sectigo HackerGuardian.

  1. Purchase Sectigo HackerGuardian. We sell HackerGuardian for the lowest price on the internet. It’s already the most affordable scanning option out there – usually retailing for $250. We’ve got it for $81.90. So, go ahead and buy it, then check back here for the rest of the steps to a PCI compliance scan.

Save 67% on PCI Scanning

Get Sectigo HackerGuardian PCI Scanner for only $81.90/year.

Start Scanning
  1. Set up Sectigo HackerGuardian. Onboarding for HackerGuardian is simple and can be done by following the steps provided. We’d go into detail here but, unfortunately, setup does vary somewhat depending on the servers you’re using — just follow the instructions and it’ll be set up in less than 10 minutes.
  2. Open your Sectigo HackerGuardian client and start the scan. Just sit back and let Comodo do the rest. The company has been running tests for the 30,000+ malware variants that it’s discovered throughout the 20 years it’s been providing antivirus services. When it’s done, Comodo will issue a report with any vulnerabilities it found.
  3. Fix the vulnerabilities. Comodo will offer advice on remediation — take it, fix the issue, and make sure to document it carefully.
  4. Run the scan again. This time, HackerGuardian should return a clean result. At this point, you’ll want to take that report and submit it.

What is the PCI DSS Scanning Requirement?

PCI DSS compliance requires organizations to run regular internal and external scans, and to remediate all issues that the scans turn up. You’ll need to file quarterly reports demonstrating you’ve done this.

More importantly, you need to create organizations policies for how the scans will be conducted. Specifically, you should figure out what personnel will be responsible for several activities, including:

  • Performing the PCI DSS scans,
  • Performing any necessary remediation,
  • Reporting the results of the scans,
  • Determining scanning frequencies,
  • Determining how frequently the scanner is patched and updated, and
  • Determining what you’ll do in the event you need to find a new scanner.

You need to cover every conceivable angle in this policy. That sounds tough, but really this is just cover — it’s something you can point to in the event you ever face an audit or on-site assessment. Remember, you need to run these scans on a quarterly basis, but you can run them much more frequently than that if you so choose. We advise running one every week or so to ensure you’re maintaining good security posture. And keep all of the reports — even the ones you don’t submit. Store them as audit logs. Make them available if needed. PCI DSS is about security, but it’s also about processes and policies that govern security.