As of July 1st 2012, the PCI standard includes a requirement for ‘risk rankings to vulnerabilities’. Under the associated rule 6.2, any merchant who processes card payment details must be able to demonstrate not only that they are aware of known vulnerabilities but also that they have a process for ranking them according to the risks posed to their own software and systems.
This also affects the scanning requirements set out in rule 11.2. Merchants will now have to demonstrate proof of passing an internal vulnerability assessment performed by a qualified source. Assessments will need to be conducted quarterly and focus on the previous 4 quarters of activity.
IT Governance offers a PCI ASV Scanning Service from just £165 for a year.
PCI ASV Scanning Service – 1 Year Contract
Our 1 year contract provides 10 scans per quarter across up to 5 IP addresses. Read more about how this service can help you stay PCI compliant.
For larger organisations our Enterprise Scanning Service offers unlimited scans on over 20 IP addresses. Read more about how this service can help you stay PCI compliant.