Qualys announced QualysGuard PCI 5.0, giving customers a simplified way to meet the latest PCI DSS compliance requirements. It includes updates following new Approved Scanning Vendor (ASV) requirements and a simplified user interface with workflows.
QualysGuard PCI 5.0 streamlines the process with a new easy-to-follow wizard-driven UI guiding customers through answering the Self-Assessment Questionnaire (SAQ), running compliance scans, remediating network and web application vulnerabilities, and documenting proof of compliance for online submission to acquiring banks.
New features include:
- Dashboard Homepage. The new home page is a starting hub for all the important workflows like asset wizard, SAQ wizard or starting a scan. It instantly provides users with the status of compliance, including percentage of hosts that pass and counts of high, medium and low vulnerabilities.
- Asset Scoping Wizard. A new workflow has been added to walk customers through the process of identifying IPs and domains that are in scope for PCI compliance.
- Compliance Wizard. Customers are required to work with ASVs to confirm on a quarterly basis that reports adhere to PCI DSS requirements for scoping, false positive documentation and scan completeness. The new compliance wizard helps customers through each step of the process in an informative manner, presenting what the user needs to complete to generate the compliance report, including special notes, the consolidated action plan and filling out the mandatory merchant attestation.
- Interactive Reports. The ASV scan report now includes a new format with additional content, revised scoring terminology (High, Medium and Low), and sections for attestations. The report is fully interactive as it highlights confirmed and potential vulnerabilities, with sliding panels for detailed information and quick filters to search and sort on various criteria instantly.
- False Positives Reporting. Approved false positives must be revalidated by the ASVs on a quarterly basis. New workflows now provide an easy-to-use interface to identify these false positives and resubmit them for approval every 90 days.