Breakdown of the Payment Card Industry (PCI) audit scan template used in Control Compliance Suite Vulnerability Manager (CCS-VM)
Article ID: 156489
Updated On:
Products
Issue/Introduction
Breakdown of the Payment Card Industry (PCI) audit scan template used in Control Compliance Suite Vulnerability Manager (CCS-VM)
Resolution
This audit of Payment Card Industry (PCI) compliance uses only safe checks, including network-based vulnerabilities, patch/hotfix verification, and application-layer testing. CCS-VM(NeXpose) scans all TCP ports and well-known UDP ports. CCS-VM(NeXpose) does not perform policy checks
Why use this template: Use this template to scan assets as part of a PCI compliance program.
Device/vulnerability scan: Y/Y
Maximum # scan threads: 10
ICMP (Ping hosts): Y
TCP ports used for device discovery: 22, 23, 25, 80, 443
UDP ports used for device discovery: None
Device discovery performance: 5 ms send delay, 4 retries, 1000 ms block timeout
TCP port scan method: Stealth scan (SYN)
TCP optimizer ports: None
TCP ports to scan: All possible (1-65535)
TCP port scan performance: 1 ms send delay, 5 blocks, 15 ms block delay, 5 retries
UDP ports to scan: Well-known numbers
Simultaneous port scans: 5
Specific vulnerability checks enabled (which disables all other checks): None
Specific vulnerability checks disabled: Policy check types
Feedback
