
Overview of Official and Informal PCI DSS Compliance Reports

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

The PCI Compliance Report helps you meet the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements established by major card networks in 2004 and regularly updated. If your organization relies on credit or debit card payments, you are required to follow these rules.

What are PCI and ASV?

PCI (PCI-DSS)

The Payment Card Industry Data Security Standard is a set of security guidelines to protect cardholder data and ensure secure credit card transactions for companies that process, store, or transmit this information.

ASV (Approved Scanning Vendor)

A company authorized by the PCI Security Standards Council to perform external vulnerability scans on systems handling credit card data, helping businesses comply with PCI DSS. ASVs undergo strict approval to ensure accurate vulnerability detection.

Invicti Enterprise’s approach to generating PCI DSS compliance reports

Invicti Enterprise is not an ASV. However, we offer official PCI scanning services through our partner, Clone Systems, an authorized ASV.

A complete list of ASVs is available here. You can search for Clone Systems, Inc. to locate their listing. Invicti Enterprise is not included on this list.

Invicti Enterprise provides two approaches for generating PCI DSS compliance reports:

This document serves as an introduction and a guide to PCI DSS Compliance scanning and reporting in Invicti Enterprise, providing an overview of the available options and directing you to related resources.

Invicti Enterprise's Audit Ruleset for PCI Compliance - Informal report

This is an internal assessment tool that identifies vulnerabilities based on PCI DSS requirements. While useful for preliminary evaluations, it is not considered an official PCI report. This option is available to all customers.

Refer to the related documentation for more information about the Informal PCI DSS Compliance Report:

PCI ASV (Clone System) Scan Report - Official report

This is an official report generated using the PCI ASV Clone System. It meets the official requirements of PCI DSS compliance and serves as a recognized validation of the organization's adherence to the standard. With Invicti Enterprise's official PCI DSS Compliance Report, you can easily identify vulnerabilities and issues that violate the standard.

There is a Scan Profile / New Scan setting available. To create an official PCI DSS Compliance report, you must have the ‘Account can create PCI Scan’ option enabled. This option is available to our Invicti Enterprise On-Demand customers.

Contact your CSM if you have PCI DSS requirements and need a report from a PCI ASV.

This report gives you detailed technical insights, making it especially useful for your developers and IT team. It also provides a summary of your overall security posture to help you quickly understand your compliance status.

Clone Systems scans do not follow the scan configurations (i.e., scan policy/profile and scopes) set within the Invicti Enterprise platform. Instead, they scan the entire domain name, no matter what level you are at.

NOTE:

Clone Systems maintains a database of NVTs that is updated daily. This database is reviewed and tested annually by the PCI DSS Council as part of their ASV renewal process.

Additional information about Clone Systems can be found at these links:

Refer to the related documentation for more information about the Official PCI DSS Compliance Report:

TIP:

For other reports available in Invicti Enterprise, refer to Overview of reports, Report templates, and Built-in reports.