This document is for:
Invicti Standard, Invicti Enterprise on-demand, Invicti Enterprise on-premises

Overview of official and informal PCI DSS compliance reports

The PCI Compliance Report helps you to meet the Payment Card Industry Data Security Standard (PCI DSS). This is a set of security requirements that was established by major card networks in 2004. The standard is regularly updated to address evolving threats. Organizations that rely on credit or debit card payments are required to follow these rules.

What are PCI and ASV

  • PCI (PCI-DSS): The Payment Card Industry Data Security Standard is a set of security guidelines to protect cardholder data and ensure secure credit card transactions for companies that process, store, or transmit this information.
  • ASV (Approved Scanning Vendor): A company authorized by the PCI Security Standards Council to perform external vulnerability scans on systems that handle credit card data. ASVs undergo strict approval processes to ensure that they can accurately detect vulnerabilities, and they help businesses comply with PCI DSS.

Invicti Enterprise's approach to generating PCI DSS compliance reports

Invicti Enterprise isn't an ASV. However, we offer official PCI scanning services through our partner, Clone Systems, an authorized ASV.

A complete list of ASVs is available here. You can search for Clone Systems, Inc. to locate their listing. Invicti Enterprise isn't included on this list.

Invicti Enterprise provides two approaches for PCI DSS compliance reporting:

  1. Invicti Enterprise's audit ruleset for PCI compliance - informal report
  2. PCI ASV (Clone Systems) scan report - official report

This document serves as an introduction and a guide to PCI DSS Compliance scanning and reporting in Invicti Enterprise, providing an overview of the available options and directing you to related resources.

Invicti Enterprise's audit ruleset for PCI compliance - informal report

The informal PCI DSS compliance report is an internal assessment tool that identifies vulnerabilities based on PCI DSS requirements. While useful for preliminary evaluations, it's not considered an official PCI report. This option is available to all customers.

Refer to the related documentation for more information about the Informal PCI DSS compliance report:

PCI ASV (Clone Systems) scan report - official report

This is an official report generated by the PCI ASV, Clone Systems. It meets the official requirements of PCI DSS compliance and serves as a recognized validation of the organization's adherence to the standard. With Invicti Enterprise's official PCI DSS compliance report, you can easily identify vulnerabilities and issues that violate the standard.

A setting for this report is available in Scan Profile/New Scan. To create an official PCI DSS compliance report, you must have the "Account can create PCI Scan" option enabled. This option is available to our Invicti Enterprise on-demand customers.

Contact your CSM if you have PCI DSS requirements and need a report from a PCI ASV.

This report gives you detailed technical insights, making it especially useful for your developers and IT team. It also provides a summary of your overall security posture to help you quickly understand your compliance status.

Clone Systems scans don't adhere to the scan configurations (that is, scan policy, scan profile, and scopes) set within the Invicti Enterprise platform. Instead, they scan the entire domain name, no matter what level you are at.

Note: Clone Systems maintains a database of Network Vulnerability Tests (NVTs) that is updated daily. This database is reviewed and tested annually by the PCI DSS Council as part of the ASV renewal process.

Additional information about Clone Systems can be found at these links:

For more information about the official PCI DSS compliance report, refer to the following documents:

Tip: For other reports available in Invicti Enterprise, refer to Overview of reports, Report templates, and Built-in reports.

