PCI Requirement 11.2.2

The Payment Card Industry Data Security Standard (PCI DSS) Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with the requirements of PCI DSS.

The PCI Requirement 11.2.2 report provides guidance to demonstrate that quarterly external vulnerability scans and rescans are performed, in compliance with Requirement 11.2.2.

To access the PCI Requirement 11.2.2 report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under PCI DSS Audit, click VIEW.
  4. Click PCI Requirement 11.2.2.

The report summary page displays two columns. Testing Procedures lists each procedure that is required for testing the selected PCI requirement. Available Documentation and Artifacts describes, and contains links to, compliance artifacts that you can use to demonstrate compliance with each testing procedure.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides you with documentation and artifacts that help you demonstrate that quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approved by PCI SSC, are performed and that rescans are performed as needed, until passing scans are achieved.

Testing procedure for PCI 11.2.2.a

This testing procedure requires a review of the output from the four most recent quarters of external vulnerability scans, to verify that the four most recent quarters of external vulnerability scans occurred in the most recent 12-month period.

This section provides you with a link for quick access to the PCI scanning page in the Alert Logic console to review the latest 25 external vulnerability scan reports for the most recent 12-month period.

Testing procedure for PCI 11.2.2.b

This testing procedure requires a review of the results of each quarterly scan and rescan to verify that the ASV Program Guide requirements for a passing scan have been met.

This section provides you with a link for quick access to the PCI scanning page in the Alert Logic console to review the results of quarterly external scans and rescans, including the following ASV reports:

  • Attestation of Scan Compliance
  • Executive Summary
  • Vulnerability Details

This section also provides another link for quick access to the PCI scanning page in the Alert Logic console to review all completed and ongoing scan disputes.

Testing procedure for PCI 11.2.2.c

This testing procedure requires a review of the scan reports to verify that the scans were completed by a PCI SSC ASV.

This section provides you with a link for quick access to PCI SSC to verify that the Alert Logic scanning solution has been tested and approved by the PCI SSC to conduct external vulnerability scanning services to validate adherence to the external scanning requirements of Requirement 11.2.2.