PCI Compliance

Navigate to your Dashboard and select the PCI dashboard monitor and manage PCI compliance status. From here, you can easily see the status of targets that are in scope for PCI scanning and whether they are currently in compliance. If any reports have been reviewed and passed, you will be able to download them.

After the targets in PCI scope have been scanned, you may submit a report to be reviewed.

Generate Report

Click the Generate Report button or the + icon in the status card to generate a new PCI report.

Generating a report begins the PCI attestation process. During this process, you will be required to answer questions to the following:

• Out of Scope targets: A list of targets that have not been scoped for PCI compliance will be listed. Verify that none of these targets should fall within PCI scope.

• Special Notes: Certain software that may cause a risk if it is not implemented properly will be listed here. You must attest that these items have been securely implemented.

• Load Balancers: If load balancers are part of your your in-scope PCI infrastructure you will answer that here. If they are in use, the systems behind them need to be properly synchronized in terms of configurations.

• Attestation: Finally, you must name the report and give your name and job title.

Clicking "I Attest" will then submit the report for review.

Review Process

All reports must be reviewed before they can be submitted to your acquiring banks or QSA. After a report has been attested to and submitted, it will go through the review process. You will then be notified whether the report has passed or been rejected.

PCI Security Standards Council

For more information about PCI compliance and standards, please visit the PCI Security Standards Council:

Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards

Pages

https://app.halosecurity.com/user/security/pci/