Compliance

Manage PCI Compliance for your assets.

This is where you’ll perform all activities related to PCI compliance. Here you can easily see the status of targets that are in scope for PCI scanning and whether they are currently in compliance. If any reports have been reviewed and passed, you will be able to download them.

After the targets in PCI scope have been scanned, you may submit a report to be reviewed.

Generate Report

Generating a report begins the PCI attestation process. During this process, you will be required to answer questions to the following:

  • Out of Scope targets: A list of targets that have not been scoped for PCI compliance will be listed. Verify that none of these targets should fall within PCI scope.

  • Special Notes: Certain software that may cause a risk if it is not implemented properly will be listed here. You must attest that these items have been securely implemented.

  • Load Balancers: If load balancers are part of your your in-scope PCI infrastructure you will answer that here. If they are in use, the systems behind them need to be properly synchronized in terms of configurations.

  • Attestation: Finally, you must name the report and give your name and job title.

Clicking "I Attest" will then submit the report for review.

Review Process

All reports must be reviewed before they can be submitted to your acquiring banks or QSA. After a report has been attested to and submitted, it will go through the review process. You will then be notified whether the report has passed or been rejected.

PCI Security Standards Council

For more information about PCI compliance and standards, please visit the PCI Security Standards Council:

Pages

https://www.halosecurity.com/user/security/pci/

Last updated