The Compliance Status section provides the current PCI compliance status for your network and its hosts. To view compliance status, go to Compliance > Compliance Status.
The overall compliance status indicates whether the network is compliant with the PCI Data Security Standard. The network consists of all the IPs in your account.
Compliant: No vulnerabilities that must be fixed to pass PCI compliance were found on the network. When the overall compliance status is Compliant, click the Generate button to create your network reports for certification.
Not Compliant: One or more vulnerabilities that must be fixed to pass PCI compliance were found on the network.
Click the Generate button to generate PCI network reports based on the current vulnerability data for your network. See Generate Network Reports for instructions on using the workflow to generate, save, and send network reports to your Approved Scanning Vendor for review and approval. Once approved by the ASV, you can submit PCI certified reports directly to your acquiring banks.
Note that a warning message appears on the Report Generate page when you generate a PCI report that is Not PCI compliant. The message informs you that you are about to generate a report for a PCI scan that has hosts with vulnerabilities. We recommend that you either mark the vulnerabilities as False Positives or remediate them, then rescan the hosts. Click Next to generate the report.
This section provides information about the hosts in your account.
In Account: The total number of hosts in your account.
Not Live: The total number of hosts in your account that were not found to be alive during scan processing. These IPs were specified as target IPs for scans that were launched in your account. The service was not able to find the host during host discovery, the first phase of the scan. Check to be sure that your hosts are properly connected to your network and have Internet access. Hosts that are not live will not cause you to fail PCI compliance. Note, however, these hosts will be identified in the PCI network reports that you submit to your acquiring banks to demonstrate compliance, because the PCI compliance service could not determine whether these hosts passed PCI compliance requirements.
Compliant: The total number of hosts in your account that are Compliant
with PCI security standards.
Not Compliant: The total number of hosts in your account that are Not
Compliant with PCI security standards.
Not Current: The total number of hosts in your account that are Not Current. A host in your account is considered Not Current if it was scanned more than 30 days ago or has never been scanned. The PCI compliance service defines the best practice scanning period to be 30 days prior to today. In order for a host to receive Compliant status you must scan the host during the best practice scanning period and there must be no PCI vulnerabilities found for that scan.
This section displays the total number of current vulnerabilities and potential vulnerabilities at each PCI severity level (High, Medium and Low). These include vulnerabilities that failed PCI compliance and must be fixed, as well as vulnerabilities that we recommend that you fix. All vulnerabilities and potential vulnerabilities with a PCI status of FAIL must be fixed to pass the PCI compliance requirements.
This section shows the compliance status for each host in your account based on the most recent network scans. A check mark indicates that the host is Compliant. No vulnerabilities that must be fixed to pass PCI compliance were found on the host. A dash indicates that the host is Not Compliant; one or more vulnerabilities that must be fixed to pass PCI compliance were found on the host.
What are the vulnerability counts? The total number of current vulnerabilities and potential vulnerabilities that have been detected on the host. These include vulnerabilities that failed PCI compliance and must be fixed, as well as vulnerabilities that we recommend that you fix.
All live hosts are displayed in the Host Status list by default. You may change the types of hosts displayed using the buttons: All Live DNS, Hosts not Live and Hosts not Current.
When all live hosts or all live DNS are displayed, an actions bar appears above the list enabling you to perform actions on one or more hosts in the list, such as Scan to start a network scan on the selected host, View Vulnerabilities to view the current vulnerabilities for the host, and Download Report to download the current vulnerabilities for the host in PDF format.