Ask The Security Channel Expert: Questions & Answers

Vulnerability mitigation for PCI compliance

Expert response from: John Kindervag (retired expert)



QUESTION POSED ON: 14 June 2007
Which vulnerabilities found in a scan conducted by a QSA need to be addressed?


The PCI Security Standards Council has defined procedures for Approved Scanning Vendors (ASV) to follow. There are five levels of vulnerabilities identified by PCI. An ASV scan must not show any high-level vulnerabilities, which are defined as Levels 3-5. All high-level vulnerabilities must be demonstrably mitigated before an external network can be considered compliant. This table broadly defines these severity levels:

Level  Severity  Description
5      Urgent    Trojan horses; file read-and-write exploit; remote command execution
4      Critical  Potential Trojan horses; file read exploit
3      High      Limited exploit of read; directory browsing; denial of service
2      Medium    Sensitive configuration information can be obtained by hackers
1      Low       Information can be obtained by hackers on configuration

For more information review the ASV Scanning Procedures document available on the PCI Security Council's Web site.
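The following Python script is an added example, not part of the expert's answer, showing how a solution provider might triage an external scan report against the rule stated above: any open finding at Level 3, 4 or 5 blocks compliance until it is demonstrably mitigated, while Level 1-2 findings are advisory. The CSV layout, the hostnames, ports and finding ids, and the "mitigated" list are all constructed assumptions for the example; no ASV vendor's real report format is implied.

```python
"""Triage an external (ASV-style) scan report against the PCI severity levels.

Added example with constructed data.  Findings at Level 3-5 are the
'high-level' vulnerabilities that must show as mitigated before the
external network can be considered compliant; Level 1-2 are advisory.
The CSV column layout below is an assumption, not a real vendor format.
"""

import csv
import io
from collections import defaultdict

# Severity names per the PCI level table in the answer.
SEVERITY = {5: "Urgent", 4: "Critical", 3: "High", 2: "Medium", 1: "Low"}
BLOCKING_LEVEL = 3  # Levels 3-5 must have no open findings

# Constructed sample report (host, port, level, finding id, title).
# The second row is a deliberate duplicate, as scanners often repeat a
# finding per URL or per check, to show that it collapses into one item.
SAMPLE_REPORT = """host,port,level,finding_id,title
203.0.113.10,443,5,EX-1001,Remote command execution in web application
203.0.113.10,443,5,EX-1001,Remote command execution in web application
203.0.113.10,80,3,EX-2040,Directory browsing enabled
203.0.113.11,22,2,EX-3005,SSH banner reveals version
203.0.113.12,8080,4,EX-2210,Potential Trojan horse on management port
203.0.113.12,8080,1,EX-4001,Server header reveals product name
"""

# Constructed list of findings already demonstrably mitigated (for example a
# patched host that re-scanned clean).  Keyed by (host, port, finding_id).
SAMPLE_MITIGATED = {("203.0.113.12", 8080, "EX-2210")}


def parse_report(text):
    """Parse CSV report text into a dict keyed by (host, port, finding_id).

    Repeated rows for the same finding collapse into one entry, and an
    unknown level is rejected rather than silently treated as low.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        level = int(row["level"])
        if level not in SEVERITY:
            raise ValueError(f"unknown PCI level {level} in report")
        key = (row["host"], int(row["port"]), row["finding_id"])
        findings[key] = {"level": level, "severity": SEVERITY[level],
                         "title": row["title"]}
    return findings


def triage(findings, mitigated=frozenset()):
    """Return (compliant, blocking, informational).

    blocking: open Level 3-5 findings, worst first; any such finding means
    the external network is not yet compliant.
    informational: Level 1-2 findings, not blockers but still worth fixing.
    Mitigated high-level findings appear in neither list.
    """
    blocking, informational = [], []
    for key, f in findings.items():
        entry = (f["level"], key[0], key[1], key[2], f["severity"], f["title"])
        if f["level"] >= BLOCKING_LEVEL and key not in mitigated:
            blocking.append(entry)
        elif f["level"] < BLOCKING_LEVEL:
            informational.append(entry)
    blocking.sort(key=lambda e: (-e[0], e[1], e[2]))
    informational.sort(key=lambda e: (-e[0], e[1], e[2]))
    return (len(blocking) == 0, blocking, informational)


def summarize_by_host(findings, mitigated=frozenset()):
    """Count open blocking findings per host, to hand out remediation work."""
    counts = defaultdict(int)
    for key, f in findings.items():
        if f["level"] >= BLOCKING_LEVEL and key not in mitigated:
            counts[key[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    compliant, blocking, info = triage(report, SAMPLE_MITIGATED)
    print("ASV scan result:", "PASS" if compliant else "FAIL")
    for lvl, host, port, fid, sev, title in blocking:
        print(f"  MUST MITIGATE  L{lvl} {sev:<8} {host}:{port} {fid} {title}")
    for lvl, host, port, fid, sev, title in info:
        print(f"  advisory       L{lvl} {sev:<8} {host}:{port} {fid} {title}")
    print("open high-level findings per host:", summarize_by_host(report, SAMPLE_MITIGATED))
```

Run stand-alone, the constructed report fails because the Level 5 and Level 3 findings on 203.0.113.10 are still open, while the Level 4 finding on 203.0.113.12 is excluded as mitigated. The script only accepts a mitigation when a finding is explicitly listed, which mirrors the "demonstrably mitigated" requirement: a rescan or documented fix is the evidence, not an assumption that a fix was applied.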

All Rights Reserved, Copyright 2006 - 2009, TechTarget