Payment Card Industry (PCI) Services
Approved Scanning Vendor Managed Service
SAINT is certified (#4268-01-04) by the PCI Security Standards Council as an Approved Scanning Vendor (ASV). As an ASV, SAINT Corporation is able to help merchants manage data security risks, evaluate the security of their systems that store payment account data and assist them in achieving compliance with the PCI data security standard (DSS).
PCI requires organizations to monitor and test networks to find and fix vulnerabilities on a regular basis. As an ASV, SAINT can help merchants meet the following PCI requirements:
| PCI ASV Managed Service | PCI Requirement |
| --- | --- |
| SAINT® | 11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network. |
| SAINTexploit® | 11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification, including network- and application-layer penetration tests. |
| Checklist Policy Compliance | 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. |
| SAINT® – SAINT checks for the use and updating of anti-virus software. This capability is provided for many of today’s most popular AV products. | 5.1 Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). 5.2 Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs. |
| SAINT includes authentication functionality for assessing Web Application vulnerabilities. SAINT also allows you to customize the spidering of URLs and the depth of trailing directories that should always be assessed. | 6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of two methods. |
| SAINT provides support to customers and ASVs in support of PCI DSS, Requirement 8, as it relates to checking for various password policies. In addition to SAINT’s customizable password policies, SAINT’s PCI scanning policy is pre-configured to validate targets based on PCI specifications, as defined for the following DSS requirements: | 8.5.9 Change user passwords at least every 90 days. |
Features
SAINT’s PCI ASV service will audit your internal networks, your external networks, or both on a regular basis. We offer a unique approach to this service with a pre-configured SAINTbox® appliance that allows scheduling of these audits based upon your requirements. In addition, SAINT customers can log on to the SAINT graphical user interface and perform their own audits and data analysis outside of the scheduled PCI ASV service.
Based on the award-winning SAINT technology, the SAINT Managed PCI Scanning Service provides the following features and functionality:
- Reporting – On-demand report generation is available for both default and custom reports, including PCI executive and PCI technical vulnerability assessment and penetration testing reports. Reports can be automatically sent via e-mail upon completion of the audit. SAINT is the only product that summarizes each system by providing the total number of vulnerabilities and the total number of exploitable vulnerabilities.
- Content Scanning – The PCI DSS requires that merchants protect stored cardholder data. SAINT provides the ability to audit files on your network for specific file patterns. SAINT’s default policy searches for credit card and social security numbers in specific file formats. Then, it provides a report identifying the systems and files that are storing this confidential information so appropriate action can be taken.
- Data Analysis – SAINT data can be analyzed using a variety of methods. This enables better decision making about vulnerability data such as accepting risks and excluding false positives from the vulnerability reports, saving time and money.
- Integrated vulnerability scanning and penetration testing – SAINT is the only product that has one integrated user interface for performing both vulnerability assessments and penetration tests; this makes it easier and less expensive to meet both of these PCI requirements.
- Dashboard, Help Desk, Trouble Ticketing – SAINT provides an optional feature for customizing the level of threats that should be ticketed and handled by the remediation department. In addition, SAINT provides a live dashboard view trending the vulnerability data from one or more periods of time to the next. This view illustrates whether your security posture is improving, and shows all outstanding tickets.
- Updates – SAINT technology is constantly updated to include the latest risks and threats, so users can feel confident that vulnerability detection is up-to-date.
SAINT PCI ASV scanning services are flexible in order to meet your needs and can provide internal options, external options, or both. SAINT can provide PCI scanning services directly, or we can recommend one of our PCI certified security service partners in your region that uses the SAINT award-winning technology.

