QualysGuard PCI 4.0 released
Qualys unveiled QualysGuard PCI 4.0 which adds network discovery capabilities and introduces PCI Connect features to a PCI platform already in use by 60 percent of all Approved Scanning Vendors (ASVs) and 49 percent of Qualified Security Assessors (QSAs) to help merchants streamline PCI DSS certification and validation.
- Discovery of live devices to help merchants define systems that are in scope for PCI.
- Automated referral program where merchants connect directly with partners offering PCI DSS solutions to validate PCI requirements within the Self Assessment Questionnaire (SAQ).
- Merchants can upload evidence to support SAQ validation in multiple formats including documents and images. This may include reports from log management systems, firewall or other device configuration settings, security policies and procedures, and anything else the merchant wishes to attach to the submission. The merchant can also chose whether or not they want to share that detail with the acquirer.
- PCI Connect technology partners can provide XML uploads from their solutions for SAQ validation. Such XML data includes a summary of compliance posture for any of the requirements in the SAQ. Technology partners that joined PCI Connect include AirTight Networks, Core Security, Imperva, RedSeal Systems, Splunk and Third Brigade.
- Acquiring banks have additional security controls of merchants when validating merchants for compliance. This assists acquires to evaluate whether merchants have met PCI requirements and whether sufficient evidence has been submitted for validation.
The QualysGuard PCI on demand platform provides businesses with an automated way to validate PCI DSS compliance. Qualys is an Approved Scanning Vendor (ASV), and is fully certified to assess PCI DSS compliance.
As a new addition to the widely adopted QualysGuard PCI DSS Platform, PCI Connect streamlines business operations related to PCI compliance and validation for merchants and acquirers, all from a combined collaborative application with automated report sharing and distribution.