Keep your systems secure, and customers can trust you with their sensitive payment card information.
When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise. PCI/DSS Compliance Assessment Module combines 1) automated data collection with 2) a structured framework for collecting supplemental assessment information through surveys and worksheets.
PCI Risk Profile Use for Ongoing PCI Compliance Assessments
A PCI Risk Analysis should be performed no less than once a year. Between full analyses, the Network Auditor PCI Module includes an abbreviated version of the PCI Risk Analysis assessment and reporting process. This process is called the PCI Risk Profile.
The PCI Risk Profile is designed to provide interim reporting in a streamlined and almost completely automated manner.
Whether performed monthly or quarterly, the Risk Profile updates the Risk Analysis, documents progress in addressing previously identified risks, and identifies new risks that might otherwise have been missed and led to a data breach.
Planning the On-site Data Collection
There are various ways to collect data for a PCI Compliance Assessment. These methods can vary based on time, cost, client expectation, level of detail needed to identify remediation needs, etc.
Automated Scans Performed During the PCI Assessment Process
The Initial Data Collection phase of the PCI Compliance Assessment consists of the following required and optional scans:
· External Vulnerability Scan
· Internal Vulnerability Scan (optional; requires the Network Detective Inspector)
· PCI Network and Layer 2/3 Discovery Scan (using Inspector)
· PCI Scans on Local Computers (using the Inspector to push local scans for PCI, and the PCI Data Collector for unreachable computers)
· Optional Local Computer Scans (using the PCI Data Collector)
The Network Auditor and the PCI Data Collector scans make use of multiple technologies and approaches for collecting information on the client network, including:
· Network Scan
· Active Directory
· WMI
· Remote Registry
· ICMP
· File System Scanning
· Windows Registry
· Windows Shares and Permissions