"The only real security that a man can have in this world is a reserve of knowledge, experience and ability."
Internal vulnerability scanning is a set of deliberate actions to define, identify, and classify the vulnerabilities in an organization's IT infrastructure. It is conducted from inside the network on all internal-facing hosts that are in scope of the company's PCI DSS assessment.
Internal vulnerability scanning is necessary for PCI DSS certification (requirement 11.2.1), which stipulates that:
- Scanning is performed quarterly and after significant changes to your environment.
- All “high risk” vulnerabilities are resolved in accordance with your vulnerability ranking.
- Highest priority should be given to vulnerabilities with the highest risk.
- The scans must be performed by qualified personnel.
Seven Security Group executes internal vulnerability scans that meet both the internal and "scan-after-significant-change" parts of PCI DSS requirement 11.2. Together with you, we will scope and schedule the quarterly scans.
We bring the methodology and tools, and our staff are qualified (as required by PCI DSS) to perform the scans.