PCI Compliance Scanning
Am I meeting requisite compliance standards?
Not every industry subject to regulatory compliance explicitly requires pen testing and/or vulnerability management. HIPAA, for example, does not state an outright requirement for either. It does, however, require a risk analysis, which requires covered entities to test their security controls in an effort to validate exposure to actual vulnerabilities.
The Payment Card Industry Data Security Standard (PCI DSS) does, however, require companies that accept, store, process and/or transmit credit card information to meet twelve specific compliance requirements, two of which require an explicit vulnerability management program:
Requirement 6: Develop and maintain secure systems and applications.
Requirement 11: Regularly test security systems and processes.
Digital Defense fully understands the challenge of meeting today’s Payment Card Industry (PCI) compliance standards. In fact, the company was the first vendor to provide PCI compliance as a managed service, and remains one of the world’s longest-tenured Approved Scanning Vendors (ASV).