If I Get A Passing PCI Scan, Does That Mean I Am Compliant?

Answer: The PCI Data Security Standard uses a “defense-in-depth” approach to establishing PCI compliance.  PCI compliance involves more than just quarterly external PCI scanning.

Listed here are some of the other required tasks that 1 Stop PCI Scan is qualified to perform.

  • Internal Vulnerability Scans – From item 11.2 of the PCI DSS: “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).”  Quarterly internal vulnerability scans are required in addition to quarterly external PCI scanning.
  • Yearly Penetration Testing – From item 11.3 of the PCI DSS: “11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).”  Penetration testing involves simulating a real-world attack on a customer’s network to determine what a malicious user would be able to accomplish.

These additional services are priced depending on each individual customer’s needs.  Contact us for more information.