Perhaps the most oft-misunderstood Payment Card Industry Data Security Standard (PCI DSS) requirement is number 11: the vulnerability scanning requirement. Requirement 11 is all about scanning — what to scan, when to scan, how to scan, and whom to report the scan results to. Fun stuff like that. And knowing where to find an approved scanning vendor is a huge part of that.
Fortunately, there's an easy solution to what seems like an onerous task — one that's both efficient and affordable: Sectigo's PCI scanning tool.
We'll get to that in a minute. First let's talk about what's required from your scanning product.
PCI DSS Vulnerability Scanning Requirements
Unless you're a service provider that's using network segmentation to secure your organization's payment card information, then you don't need to worry about penetration testing. And that's likely a good thing because penetration testing is a lot more complicated — and a lot more expensive — than your standard vulnerability scan.
So, what needs to be done? Here are a few things you'll have to accomplish:
- Perform quarterly internal and external scans
- Report the quarterly scan results to your acquiring bank
- Use scanning tools from a PCI DSS approved scanning vendor (those approved by the Payment Card Industry Security Standards Council, or what's known as PCI SSC)
Got that? This means that you'll need to purchase a scanner tool or outsource the scans completely, and you'll need to make sure that you're working with an approved vendor. Furthermore, you'll need to file quarterly reports with your acquiring bank demonstrating that you scanned and fixed any vulnerabilities the scans discovered. Failure to do so can lead to penalties between $5,000 and $100,000 per month. Yes, per month.
Not exactly chump change. That's a lot of money — especially if you're a small or mid-size business.
So, how do you handle the scanning requirement to avoid these penalties and to stay compliant with PCI requirements?
Find a Reputable PCI Approved Scanning Vendor
Not all PCI approved scanning vendors, or what are known as ASVs, are made equal. First let's talk about what it takes to become one. There is a strict set of standards that each vendor must abide by. Much like certificate authorities (CAs), a lot of trust is being placed in them, so it behooves everyone to ensure that they operate transparently and above board.
But that doesn't mean that all of their scanners work the same. Or, to put it a little differently, that's not to say all of their scanners work well.
When picking a scanner vendor, you want to choose one that has the experience and resources to diagnose EVERY vulnerability. But that's not enough. It's also important to have one that provides remediation solutions to help you fix problems and not simply identify them. You don't want to have to go sorting through forum posts, nor is it cost efficient to hire a security firm to fix them all. Find a solution that gives you the tools to do it in-house.
Unfortunately, most PCI scanning vendors can't check all those boxes. But one can…
Save 67% on PCI ASV Scanning
Stay compliant with Sectigo’s HackerGuardian PCI Scanner for only $81.90/year.
Sectigo HackerGuardian PCI Scanning
Sectigo has been around for over two decades — just under a different name: Comodo CA. In that time, the company has built one of the most powerful antivirus suites in the world. It's also a major player in the world of public key infrastructure (PKI) and digital certificates, having grown into the world's largest CA. Now, Sectigo allows you to leverage that experience and expertise using its HackerGuardian PCI Scanner, which conducts vulnerability tests on every scan to ensure your networks are safe and vulnerability-free. This PCI SSC approved scanning vendor also provides you with the remediation solutions that other scanning vendors don't.
Sounds like a win-win situation to us.
Sectigo's HackerGuardian takes all of the work out of PCI scanning. Simply set up the client and let it do the work for you. Then take the ready-to-submit report it generates and send it to your acquiring bank. It makes complying with PCI DSS Requirement 11 easy and cost effective.
And here's the best part. With other vendors, the same scanning product — albeit one that's not nearly as comprehensive — will run you hundreds or even thousands of dollars!
But not Sectigo HackerGuardian. We sell it for just $81.90. That's even cheaper than Sectigo sells it for when you buy it directly from them! Nobody offers a better scanning solution for less. Guaranteed.