Network IP Scan
Based on your communication protocol a network IP scan may be required. This scan must be completed by a PCI Approved Scanning Vendor. Scans are conducted quarterly as mandated by the PCI Requirements.
Contact our Data Breach Security and Compliance Experts with additional questions at firstname.lastname@example.org or call 877-736-1184.
How Do I Know If I Need A Network IP Scan?
Network IP scans help identify vulnerabilities and misconfigurations of Web sites, applications, and information technology (IT) infrastructures with Internet-facing internet protocol (IP) addresses. Scan results provide valuable information that support efficient patch management and other security measures that improve protection against Internet attacks. PCI Security Scans may apply to all merchants and service providers with Internet-facing IP addresses.
Even if an entity does not offer Internet-based transactions, other services may make systems Internet accessible. Basic functions such as e-mail and employee Internet access will result in the Internet-accessibility of a company’s network. Such seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems and potentially expose cardholder data if not properly controlled.
Source: PCI Security Standards Council
If you have completed a Self-Assessment Questionnaire (SAQ) using version C or D you will be required to complete a scan.