Your PCI Scan Report

Why should I run a PCI scan report?

Which hosts are included?

How do I run it?

Tell me about Active Hosts

Which vulnerabilities do I have to fix?

Tell me about Hosts Matching Filters

Tell me about PCI compliance status


Why should I run a PCI scan report?

You run PCI scan reports to analyze vulnerability scan results and report on PCI internal scan data. You can analyze trends in vulnerabilities detected, sort and filter scan data, generate graphical reports, and create executive reports that provide views on your compliance with the PCI DSS for internal scans.

How do I run it?

Go to VM/VMDR > Reports > Templates. Find a PCI scan template and click Run from the Quick Actions menu. The details included in your report depend on the options selected in the report template and the options selected at run time.

Why don't I see this template?

Which vulnerabilities do I have to fix to be compliant?

According to PCI DSS requirement 6.1, merchants are required to fix all High ranking vulnerabilities according to a risk ranking scale for High, Medium and Low. This scale can be customized using the report template.

Tell me about PCI compliance status

PCI compliance status PASS or FAIL only appears when the template uses the service-provided PCI risk ranking. The vulnerabilities with the FAIL status must be fixed to pass the PCI compliance requirements.

Tell me about the reasons

How do I view reasons in my report?

Tell me about vulnerabilities without a PCI status

Which hosts are included in the report?

You choose the report target when you run the report. Then the hosts in your target that have scan data will be included. A host with scan data is a host that meets all of these conditions:

- The host was a target of a vulnerability scan.

- The host was found to be active (alive) during the scan.

- The host scan completed successfully and the scanning engine returned scan data (results).

- Scan data for the host was found in your account during report generation (host was not purged after being scanned). The scan data found in your account may indicate vulnerabilities were detected or no vulnerabilities were detected.

Which hosts are counted as Active Hosts?

Any host found to be active (alive) during the scan is counted.

Which hosts are counted as Hosts Matching Filters?

Any host matching the filters defined in the report template is counted.