QualysGuard PCI Compliance
On Demand, Easy-to-Use, Cost Effective PCI Compliance
QualysGuard® PCI Compliance (PCI) provides businesses, online merchants and Member Service Providers the easiest, most cost-effective and highly automated way to achieve compliance with the Payment Card Industry Data Security Standard. Known as PCI DSS, the standard provides organizations the guidance they need to ensure that credit cardholder information is kept secure from possible security breaches. QualysGuard PCI draws upon the same highly accurate scanning infrastructure and technology as Qualys’ flagship solution, QualysGuard – used by thousands of organizations around the world to protect their networks from the security vulnerabilities that make attacks against networks possible.
Qualys is an Approved Scanning Vendor (ASV)
Delivered as an on-demand Web application, QualysGuard PCI is the most accurate, easiest-to-use tool for PCI compliance testing, reporting and submission. QualysGuard PCI enables merchants and Member Service Providers to promptly complete the PCI self-assessment questionnaire, and conduct network and web application security scans to efficiently identify and eliminate security vulnerabilities. The QualysGuard PCI “auto submission” feature completes the compliance process, allowing users to submit compliance status to one or multiple acquiring banks.
QualysGuard PCI Compliance Lifecycle
Features of QualysGuard PCI Compliance
Achieve PCI Compliant Status and Secure Your Network
Through QualysGuard PCI, achieving PCI compliance status becomes a streamlined process that also provides the assurance that your network is highly secure. The QualysGuard PCI web application walks you through the PCI compliance process with its easy-to-follow, step-by-step approach and compliance tips. Our user-friendly interface, coupled with online help and 24x7x365 email/telephone support, ensures success in understanding and achieving PCI compliance. Qualys is an approved scanning vendor.
Conveniently Complete the PCI “Self-Assessment Questionnaire” Online
PCI DSS requires businesses to complete a PCI Self-Assessment Questionnaire (SAQ) every 12 months. QualysGuard PCI supports SAQ v1.2 based on PCI DSS requirements. QualysGuard PCI makes it quick and painless to fill out and auto-submit the questionnaire to acquiring banks.
Quickly Eliminate Security Threats with Detailed Remediation Instructions
PCI DSS also requires businesses to perform a network security scan every 90 days on all Internet-facing networks and systems. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan. QualysGuard PCI automates and greatly simplifies this daunting process by providing easy-to-use reporting and identification of vulnerabilities that will cause you to fail PCI DSS. QualysGuard PCI draws upon the same highly accurate scanning infrastructure and technology as Qualys’ flagship solution, QualysGuard. For each vulnerability discovered, QualysGuard PCI provides detailed instructions with links to verified patches, so that you can quickly eliminate each vulnerability.
Auto-Submit Compliance Status Directly to Acquiring Bank
Once you have met the validation actions, the QualysGuard PCI “auto-submission” feature completes the compliance process, allowing users to submit compliance status directly to their acquiring banks. Entering your bank and merchant IDs in your “Account Settings” activates the auto-submission feature. You can also download PCI compliance reports in PDF to submit to your acquiring bank(s) or to use in remediation efforts.
Secure Web Applications to Meet PCI 6.6 Requirements
PCI Requirement 6.6 now requires that organizations maintain secure web applications. The QualysGuard PCI Web Application Scanning (WAS) module provides users an automated tool for evaluating web applications before and after development, ensuring that applications are built and maintained in a secure way. The WAS module allows users to:
- Scan vulnerability types within any application (built or customized in-house, or purchased).
- Crawl web applications.
- Identify cross-site scripting vulnerabilities.
- Isolate SQL injection attacks.
- Conduct authenticated and unauthenticated scanning.