Suggestions for PCI DSS assessments and endeavors – Tip 3

  • Team Omega
  • October 16, 2012

Here are some tips to help companies stay compliant year after year. Verizon's 2011 compliance report offers some new suggestions based on QSA findings from their assessments of different businesses.

You will find one tip a week on our Omegasecure Blog site. Please bookmark it and visit every week for a new tip.

Tip – 3
Be consistent in your interpretation and implementation of penetration testing and vulnerability scanning.

Companies find it difficult to remediate their findings after a scan because they do not immediately validate the scope of their testing. This causes delays in their ROC (Report on Compliance) and missed compliance deadlines.

Penetration tests should be done once a year or whenever any change to the network or systems takes place. Most importantly, findings need to be validated before an assessment. If this process is not followed in order, companies end up repeating the test on in-scope systems and spending additional time. Another issue to avoid is running tests at the last minute and then trying to remediate the many findings at the last minute. If there are several items to remediate, it can take a very long time to finish and will, of course, delay the ROC.