According to PCI DSS requirement 6.1, merchants are required to fix all High ranking vulnerabilities according to a risk ranking scale. This scale can be customized using the PCI scan report template.
Go to VM/VMDR > Reports > Templates to view the report templates in your account. To create a new PCI scan template select New > PCI Scan Template. To edit an existing one hover over the template and select Edit from the Quick Actions menu.
Using the template wizard go to the PCI Risk Ranking section and define a risk ranking scale by modifying the CVSS base score ranges for High, Medium and Low ranking vulnerabilities.
What are the PCI risk ratings? Our service uses the PCI risk rankings High, Medium and Low. By default these are set to the same CVSS scores as required for ASV external scans. By customizing the risk ranking scale within the PCI scan report template, you have the ability to create different reports on different sub-nets using a different risk ranking scale for each.
Go to VM/VMDR > Reports > Templates, hover over the PCI report template you've customized, and select Run from the Quick Actions menu.