πΌ 11.3.1 Internal vulnerability scans are performed.
- ID:
/frameworks/pci-dss-v4.0/11/03/01
Descriptionβ
As follows:
- At least once every three months.
- High-risk and critical vulnerabilities (per the entity's vulnerability risk rankings defined at Requirement 6.3.1) are resolved.
- Rescans are performed that confirm all high-risk and critical vulnerabilities (as noted above) have been resolved.
- Scan tool is kept up to date with latest vulnerability information.
- Scans are performed by qualified personnel and organizational independence of the tester exists.
Similarβ
- Sections
/frameworks/pci-dss-v3.2.1/11/02/01/frameworks/pci-dss-v4.0.1/11/03/01
- Internal
- ID:
dec-c-468c6e02
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 11.2.1 Perform quarterly internal vulnerability scans. Address vulnerabilities and perform rescans to verify all βhigh riskβ vulnerabilities are resolved in accordance with the entity's vulnerability ranking. | 2 | no data | |||
| πΌ PCI DSS v4.0.1 β πΌ 11.3.1 Internal vulnerability scans are performed. | 3 | 2 | no data |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| πΌ PCI DSS v3.2.1 β πΌ 11.2.1 Perform quarterly internal vulnerability scans. Address vulnerabilities and perform rescans to verify all βhigh riskβ vulnerabilities are resolved in accordance with the entity's vulnerability ranking. | 2 | no data | |||
| πΌ PCI DSS v4.0.1 β πΌ 11.3.1 Internal vulnerability scans are performed. | 3 | 2 | no data |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| πΌ 11.3.1.1 All other applicable vulnerabilities (those not ranked as high-risk or critical) are managed. | no data | ||||
| πΌ 11.3.1.2 Internal vulnerability scans are performed via authenticated scanning. | no data | ||||
| πΌ 11.3.1.3 Internal vulnerability scans are performed after any significant change. | no data |
Policies (2)β
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| π‘οΈ AWS Inspector EC2 Scanning is not enabledπ’ | 1 | π’ x6 | no data |
| π‘οΈ AWS Inspector ECR Scanning is not enabledπ’ | 1 | π’ x6 | no data |