Web Inspector PCI Reports
At the end of each PCI/Custom scan, Web Inspector PCI produces a vulnerability report and an executive report for each IP/Domain scanned. In addition, a consolidated report for the network device scanned is also generated.
The compliance status for each device is set as Compliant or Non-Compliant based on the discovery of potential security flaws on the device/IP/Domain.
The security flaws or the vulnerabilities are rated based on their severity levels. The rating of each vulnerability is indicated by the color of title bar of the respective report.The following table shows the official PCI severity ratings.
Rating |
CVSS Score |
Vulnarability |
Severity Level |
Scan Result |
Red |
7.0 - 10 |
Security Hole |
High |
Fail PCI Scan |
Orange |
4.0 - 6.9 |
Security Notes |
Medium |
Fail PCI Scan |
Blue |
0 - 3.9 |
Low |
Pass PCI Scan |
Based on the ratings, Web Inspector PCI categorizes the vulnerabilities as Security Holes, Security Warnings and Security Notes.
Security Holes |
A vulnerability, whose severity level is more than three or 'High', is identified as a Security Hole. To pass a PCI Compliance scan, no holes are to be found during the scan. If any holes are found, the merchant or the service provider must remediate the identified problems and re-run the scan until the compliance is achieved.
|
Security Warnings |
A vulnerability, whose severity level, is more than two or 'Medium', is indicated as a Security Warning. To pass a PCI Compliance scan, no warnings are to be found during the scan. If any warnings are found, the merchant or the service provider must remediate the identified problems and re-run the scan until the compliance is achieved. |
Security Notes |
A vulnerability, whose severity level, is more than one or 'Low', is indicated as a Security Note. |
Each Web Inspector PCI report
indicates the Security Holes, Security Warnings and Security Notes
found on each device/IP/Domain and also provides solution for
remediation.
The Scan Reports produced from the PCI scans can be assessed from the 'Reports' area of the Web Inspector PCI interface, displayed by clicking the 'Reports' tab from the Navigation bar. From this interface, you can: