ImmuneSecurity provides customers in Denmark and Sweden with IT security solutions, with a focus on Vulnerability Management and Log Management. PCI compliance is an important part of our offerings, and we fully comply with the standards defined by PCI.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
OUTSCAN PCI SSC (Security Standards Council) includes these new features:
New Scoping Tools
In addition to providing all external-facing IP addresses, the scan customer must also supply all fully qualified domain names (FQDN) and other unique entryways into applications for the entire in-scope infrastructure. This includes, but is not limited to, domains for all web-servers, domains for mail servers, domains used in name-based virtual hosting, and web-server URLs to “hidden” directories that cannot be reached by crawling the website from the home page.
New Reporting Templates
All new reporting templates are included as required by the PCI SSC. New templates include information on exceptions, false positives, and compensating controls input by the user and ASV reviewer.
Consolidated Solution Recommendations
A consolidated solution will be provided for each IP address scanned as part of the PCI data environment.
Special Report Notes
Special notes will now be included in the report for items of special interest found during the scan. These special notes will explain risks present in the PCI data environment that was scanned and will require the user to describe the actions they have taken to deal with these special issues.
Changes to Compliance Determination System
All vulnerabilities will be scored using the industry-standard CVSS risk scoring system. CVSS scores from the NVD will also be used when available. In addition, several finding types can cause an automatic failure regardless of CVSS score, such as cross-site scripting, SQL injection, open database access, and default username and password settings.
Workflow for Handling Exceptions such as False Positives
Users will now be able to interact with our ASV qualified review staff through disputing tools found in the new OUTSCAN PCI module. These tools will allow scan customers to have findings removed or to provide documentation on exceptions and compensating controls. The user will be able to upload files to assist in this new workflow of documenting false positives, exceptions and compensating controls.
ImmuneSecurity and Outpost24 AB are committed to providing the best possible PCI ASV tools and are happy to announce these changes, which will benefit all customers involved in the PCI compliance process.