Skip to main content

๐Ÿ’ผ 11.3.1 Internal vulnerability scans are performed.

  • ID: /frameworks/pci-dss-v4.0/11/03/01

Descriptionโ€‹

As follows:

  • At least once every three months.
  • High-risk and critical vulnerabilities (per the entity's vulnerability risk rankings defined at Requirement 6.3.1) are resolved.
  • Rescans are performed that confirm all high-risk and critical vulnerabilities (as noted above) have been resolved.
  • Scan tool is kept up to date with latest vulnerability information.
  • Scans are performed by qualified personnel and organizational independence of the tester exists.

Similarโ€‹

  • Sections
    • /frameworks/pci-dss-v3.2.1/11/02/01
    • /frameworks/pci-dss-v4.0.1/11/03/01
  • Internal
    • ID: dec-c-468c6e02

Similar Sections (Take Policies From)โ€‹

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
๐Ÿ’ผ PCI DSS v3.2.1 โ†’ ๐Ÿ’ผ 11.2.1 Perform quarterly internal vulnerability scans. Address vulnerabilities and perform rescans to verify all โ€œhigh riskโ€ vulnerabilities are resolved in accordance with the entity's vulnerability ranking.no data
๐Ÿ’ผ PCI DSS v4.0.1 โ†’ ๐Ÿ’ผ 11.3.1 Internal vulnerability scans are performed.3no data

Similar Sections (Give Policies To)โ€‹

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
๐Ÿ’ผ PCI DSS v3.2.1 โ†’ ๐Ÿ’ผ 11.2.1 Perform quarterly internal vulnerability scans. Address vulnerabilities and perform rescans to verify all โ€œhigh riskโ€ vulnerabilities are resolved in accordance with the entity's vulnerability ranking.no data
๐Ÿ’ผ PCI DSS v4.0.1 โ†’ ๐Ÿ’ผ 11.3.1 Internal vulnerability scans are performed.3no data

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
๐Ÿ’ผ 11.3.1.1 All other applicable vulnerabilities (those not ranked as high-risk or critical) are managed.no data
๐Ÿ’ผ 11.3.1.2 Internal vulnerability scans are performed via authenticated scanning.no data
๐Ÿ’ผ 11.3.1.3 Internal vulnerability scans are performed after any significant change.no data