Support
Launching Scans

PCI DSS Scanning

This document is for:
Invicti Standard, Invicti Enterprise On-Demand

This article explains how to run a PCI DSS scan in Invicti Enterprise for individual websites and groups. It also covers how to define a PCI DSS scan policy in Invicti Standard.

NOTE: You can configure Invicti Standard to perform a PCI DSS Scan, but its report does not constitute an official report. A normal scan in Invicti Enterprise and Invicti Standard presents only an unofficial PCI DSS Report. For further information on how to generate reports following scans, refer to PCI DSS Compliance Report. 

 

What is a PCI DSS scan?

Invicti users can conduct Payment Card Industry Data Security Standard (PCI DSS) scans to receive approved PCI DSS compliance reports for their public websites.

To generate an approved PCI DSS Report in Invicti Enterprise, you must first configure the scan to generate PCI DSS scan information. If you are not allowed to start a PCI scan, please contact our sales team at sales@invicti.com, so the team can change your product plan.

Running a PCI DSS scan in Invicti Enterprise

IMPORTANT: PCI DSS scans are only available for Invicti Enterprise On-Demand users and for websites whose Agent Mode is set to Cloud.

When configuring a new scan, you can enable Create PCI Scan to ensure that a PCI scan is conducted in addition to your Invicti Enterprise scan. This additional PCI scan is related, but not identical, to your Invicti Enterprise scan. Scan options configured in Invicti Enterprise do not affect the PCI scan, and the two scans work independently of each other.

Prerequisite

  • Allowlist the following IP address to achieve full PCI coverage: 38.123.140.0/24

How to run a PCI DSS scan in Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. Select Scans > New Scan from the main menu.
  3. Select the PCI Scan tab while configuring the scan options.
  4. Enable the Create PCI Scan checkbox.

  1. Configure the remaining scan settings as required.
  2. Click Launch to start the scan.

NOTE: Your Invicti Enterprise scan may finish before your PCI Scan is completed.

  • If you select Pause on your ongoing Invicti Enterprise scan, then the PCI Scan will also pause.
  • If you select Cancel on your Invicti Enterprise scan, then the PCI scan will also be canceled.

How to run a PCI DSS group scan in Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. Select Scans > New Group Scan from the main menu.
  3. Select the Create PCI Scan checkbox.

  1. Configure the remaining scan settings as required.
  2. Click Launch to start the scan.

NOTE: Your Invicti Enterprise scan may finish before your PCI Scan is completed.

  • If you select Pause on your ongoing Invicti Enterprise scan, then the PCI Scan will also pause.
  • If you select Cancel on your Invicti Enterprise scan, then the PCI scan will also be canceled.

How to view the PCI DSS v3.2 Compliance reports

  1. Log in to Invicti Enterprise.
  2. Select Scans > Recent Scans from the main menu.
  3. Select Report to the right of the relevant scan.

  1. Click the Export drop-down and select one of the PCI DSS v3.2 Compliance report options:
  • Attestation Report: This is the results report. It contains the compliance result.
  • Detailed Report: This report contains detailed information about the IP addresses you've scanned and should not be shared with third parties.
  • Executive Report: This report defines whether or not your environment meets the ASV scanning guidelines set by the PCI security council.

Your report automatically starts downloading and can be viewed from your default download location.

Defining the PCI DSS scan policy in Invicti Standard

In Invicti Standard, you can define the scan policy so that a PCI Checks test is performed. This security test only scans for vulnerabilities with PCI classifications.

You can also download a PCI DSS Compliance Report based on PCI classifications. This is a report of vulnerabilities that are listed in PCI classifications, along with their details.

For more information on how to download a PCI DSS Compliance Report on Invicti Standard, refer to PCI DSS Compliance Report.

How to define the PCI Scan Policy in Invicti Standard

  1. Open Invicti Standard.
  2. In the Home tab, select New. The Start a New Website or New Service Scan dialog is displayed.
  3. In the Target Website or Web Service URL field, enter the URL of the website you want to scan.
  4. In the Scan Policy drop-down, select PCI Checks.

  1. Complete the other fields as required.
  2. Select Start Scan.