Running official PCI DSS Scans and PCI DSS Group Scans

THIS DOCUMENT IS FOR:

  • Acunetix 360 On-Demand

With Acunetix 360, you can efficiently run individual PCI DSS scans or group scans, streamlining the compliance process and enabling you to generate approved compliance reports tailored to your business needs.

NOTE:

Acunetix 360 provides two approaches for generating PCI DSS compliance reports to assist organizations in assessing their compliance with the Payment Card Industry Data Security Standard. Refer to Overview of Official and Informal PCI DSS Compliance Reports for more information.

This document explains how to configure and execute official PCI DSS scans and group scans within Acunetix 360.

IMPORTANT:

PCI DSS scans are available exclusively to Acunetix 360 On-Demand users and for websites configured with the Agent Mode set to Cloud. For details on the differences between the Cloud and Internal Agent Modes, refer to the related documentation.

To create an official PCI DSS Compliance report, you must have the ‘Account can create PCI Scan’ option enabled. Contact your CSM if you have PCI DSS requirements and need a report from a PCI ASV.

Prerequisites

Refer to our whitelisting guidelines for Acunetix 360 On-Demand to see what IP addresses to whitelist to achieve full PCI coverage.

How to run an official PCI DSS scan

  1. In Acunetix 360, select Scans > New Scan from the left-side menu.
  2. Fill in the Target URL and the Scan Profile.
  3. Select the PCI Scan tab while configuring the scan options.

NOTE:

This PCI scan is related, but not identical, to your Acunetix 360 Scan. Scan options configured in Acunetix 360 do not affect the PCI scan, and the two scans work independently of each other.

  4. Select the Create PCI Scan checkbox.
  5. Configure the remaining settings as required.
  6. Click Launch to start the scan.

NOTES:

  • Your Acunetix 360 scan may finish before the PCI Scan is completed.
  • Pausing an ongoing Acunetix 360 scan will also pause the PCI Scan.
  • Canceling an Acunetix 360 scan will automatically cancel the PCI Scan as well.

How to run an official PCI DSS group scan

  1. In Acunetix 360, select Scans > New Group Scan from the left-side menu.
  2. Fill in the Target URL and the Scan Profile.
  3. Select the PCI Scan tab while configuring the scan options.

NOTE:

This PCI scan is related, but not identical, to your Acunetix 360 Scan. Scan options configured in Acunetix 360 do not affect the PCI scan, and the two scans work independently of each other.

  4. Select the Create PCI Scan checkbox.
  5. Configure the remaining settings as required.
  6. Click Launch to start the scan.

NOTES:

  • Your Acunetix 360 scan may finish before the PCI Scan is completed.
  • Pausing an ongoing Acunetix 360 scan will also pause the PCI Scan.
  • Canceling an Acunetix 360 scan will automatically cancel the PCI Scan as well.

Configuring quarterly assessments

If you would like to set up quarterly assessment scans, our Technical Support team will be delighted to help. Open a support ticket, and we will set this up for you.

Running authenticated scans

PCI scanning does not require authenticated scans. However, authenticated scans can be performed using the Acunetix 360 Vulnerability Scanning service. If you wish to conduct authenticated scans through Clone Systems, Acunetix 360 Technical Support can help you with the appropriate setup.

Exporting official PCI DSS Reports

Acunetix 360 allows you to export three types of PCI DSS reports:

  1. Attestation Report: This report provides the compliance results, summarizing whether the requirements have been met.
  2. Detailed Report: This report includes comprehensive information about the scanned IP addresses. It is intended for internal use only and should not be shared with third parties.
  3. Executive Report: This report outlines whether your environment complies with the ASV scanning guidelines established by the PCI Security Council.

For instructions on how to export these reports, refer to our Exporting the official PCI DSS Compliance Report document.

 
