Set permanent PCI Scan Dispute?
We have a set of ports that continue to fail on our PCI Scans. They are required by Microsoft, so we have to put in a dispute every time. Is there a way to permanently mark these as accepted so they do not show up in the scan as fails?
Official comment
Hi @... - from our backend, looks like you got help with this in a Support ticket! I'm sharing a high-level summary of the answer in case other users have the same question -
The PCI Council forbids this and so, from a PCI perspective, not much can be done but to address the underlying cause. Creating an exclusion rule could cause us to miss reporting on a bad server when using a similar port.
Per the PCI Council: "Not carry dispute findings forward from one quarterly scan to the next by the ASV. Dispute evidence must be verified and resubmitted by the scan customer, and evaluated again by the ASV, for each quarterly scan."
If a resolution becomes available, we will certainly communicate that with you here!
Hi @... - thanks for reaching out and I'm sorry to hear you're having trouble with our PCI scans. I'm working on getting you info to help with this right now, and I'll report back soon.