Don’t Forget About a Vulnerability Assessment
Hopefully you are all in the process of bringing your business into compliance with the PCI Data Security Standards. One thing that can really help with your PCI compliance is a vulnerability assessment. A vulnerability assessment works hand in hand with PCI scanning to ensure your business stays compliant.
There are three basic principles that should be met for PCI compliance. The PCI Data Security Standards, consisting of 12 requirements, must be met. The Payment Application Data Security Standard (PA DSS) must be met. Finally, the PIN entry device security requirements must be met. The vulnerability assessment will help to make sure that you are meeting these standards. Through vulnerability scanning by an approved scanning vendor, you will know if and where the vulnerabilities lie, and then you can take the necessary steps to get them fixed.
You should conduct vulnerability scans as often as possible, to ensure that there are no threats and that your customers' information is safe. Most Approved Scanning Vendors (ASVs) offer daily and quarterly scanning. If possible, you should choose daily scans, but you can discuss this with your acquirer to be sure what is required.
So do your homework, and review what is available out there as far as ASVs. Not all ASVs are the same, so you want to make sure that you are getting the best for your money. Most vulnerability scanners are simple to use, but if you have any questions about vulnerability scanning and a vulnerability assessment, you should check out Trust Guard. I have found them to be highly efficient and affordable.









