
COPPA

SAINT's vulnerability assessment reports let you see at a glance whether your network is compliant with the Payment Card Industry data security standard (PCI DSS).

Sample SAINT PCI Report

About PCI

The PCI DSS was developed by the five major credit card brands (MasterCard, VISA, American Express, Discover, and JCB) to help merchants safeguard electronic data from security breaches and to ensure the proper handling and protection of cardholder account and transaction information.

The vulnerability scanning and penetration testing requirements are found in requirement 11 (see table below)—Regularly test security systems and processes. As stated by PCI DSS, "Vulnerabilities are being discovered continually by hackers and researchers, and being introduced by new software. Systems, processes, and custom software should be tested frequently to ensure security is maintained over time and with any changes in software."

  • 11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
    Note: Quarterly external vulnerability scans must be performed by a scan vendor qualified by the payment card industry. Scans conducted after network changes may be performed by the company’s internal staff.
  • 11.3 Perform penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment). These penetration tests must include the following:
    11.3.1 Network-layer penetration tests
    11.3.2 Application-layer penetration tests
PCI Compliance Requirements

Build and Maintain a Secure Network
    1  Install and maintain a firewall configuration to protect cardholder data
    2  Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
    3  Protect stored cardholder data
    4  Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
    5  Use and regularly update anti-virus software
    6  Develop and maintain secure systems and applications

Implement Strong Access Control Measures
    7  Restrict access to cardholder data by business need-to-know
    8  Assign a unique ID to each person with computer access
    9  Restrict physical access to cardholder data

Regularly Monitor and Test Networks
   10  Track and monitor all access to network resources and cardholder data
   11  Regularly test security systems and processes

Maintain an Information Security Policy
   12  Maintain a policy that addresses information security