
Running official PCI DSS Scans and PCI DSS Group Scans

This document is for:
Invicti Enterprise On-Demand

With Invicti Enterprise, you can efficiently run individual PCI DSS scans or group scans, streamlining the compliance process and enabling you to generate approved compliance reports tailored to your business needs.

NOTE:

Invicti Enterprise provides two approaches for generating PCI DSS compliance reports to assist organizations in assessing their compliance with the Payment Card Industry Data Security Standard. Refer to Overview of Official and Informal PCI DSS Compliance Reports for more information.

This document explains how to configure and execute official PCI DSS scans and group scans within Invicti Enterprise.

IMPORTANT:

PCI DSS scans are available exclusively to Invicti Enterprise On-Demand users and for websites configured with the Agent Mode set to Cloud. For details on the differences between the Cloud and Internal Agent Modes, refer to the related documentation.

To create an official PCI DSS Compliance report, you must have the ‘Account can create PCI Scan’ option enabled. Contact your CSM if you have PCI DSS requirements and need a report from a PCI ASV.

Prerequisites

Refer to our whitelisting guidelines for Invicti Enterprise On-Demand to see what IP addresses to whitelist to achieve full PCI coverage.

How to run an official PCI DSS scan

  1. In Invicti Enterprise, select Scans > New Scan from the left-side menu.
  2. Fill in the Target URL and the Scan Profile.
  3. Select the PCI Scan tab while configuring the scan options.

NOTE:

This PCI scan is related to but not identical to your Invicti Enterprise Scan. Scan options configured in Invicti Enterprise do not affect the PCI scan, and the two scans work independently of each other.

  4. Select the Create PCI Scan checkbox.

  5. Configure the remaining settings as required.
  6. Click Launch to start the scan.

NOTES:

  • Your Invicti Enterprise scan may finish before the PCI Scan is completed.
  • Pausing an ongoing Invicti Enterprise scan will also pause the PCI Scan.
  • Canceling an Invicti Enterprise scan will automatically cancel the PCI Scan as well.

How to run an official PCI DSS group scan

  1. In Invicti Enterprise, select Scans > New Group Scan from the left-side menu.
  2. Fill in the Target URL and the Scan Profile.
  3. Select the PCI Scan tab while configuring the scan options.

NOTE:

This PCI scan is related to but not identical to your Invicti Enterprise Scan. Scan options configured in Invicti Enterprise do not affect the PCI scan, and the two scans work independently of each other.

  4. Select the Create PCI Scan checkbox.

  5. Configure the remaining settings as required.
  6. Click Launch to start the scan.

NOTES:

  • Your Invicti Enterprise scan may finish before the PCI Scan is completed.
  • Pausing an ongoing Invicti Enterprise scan will also pause the PCI Scan.
  • Canceling an Invicti Enterprise scan will automatically cancel the PCI Scan as well.

Configuring quarterly assessments

If you would like to set up quarterly assessment scans, our Technical Support team will be glad to help. Open a support ticket, and we will set this up for you.

Running authenticated scans

PCI scanning does not require authenticated scans. However, authenticated scans can be performed using the Invicti Enterprise Vulnerability Scanning service. If you wish to conduct authenticated scans through Clone Systems, Invicti Enterprise Technical Support can help you with the appropriate setup.

Exporting official PCI DSS Reports

Invicti Enterprise allows you to export three types of PCI DSS reports:

  1. Attestation Report: This report provides the compliance results, summarizing whether the requirements have been met.
  2. Detailed Report: This report includes comprehensive information about the scanned IP addresses. It is intended for internal use only and should not be shared with third parties.
  3. Executive Report: This report outlines whether your environment complies with the ASV scanning guidelines established by the PCI Security Council.

For instructions on how to export these reports, refer to our Exporting the official PCI DSS Compliance Report document.