Cloud Platform
Solutions
Subscriptions
Cloud platform apps
Customers
Partners
Community
Support
Company
Login

Cloud platform apps

PCI Compliance.

Automate, simplify and attain PCI compliance quickly.

The most accurate, easy and cost-effective cloud solution for PCI compliance testing, reporting and submission

SABA

Qualys has been easy for us to deploy, and makes it possible for us to secure our systems, save time, and maintain PCI compliance more easily.

Information Security Manager,
OfficeMax Mexico

Key Features

User-friendly, guided approach

PCI streamlines and walks you through the Payment Card Industry Data Security Standard compliance process. With tips, a friendly, intuitive interface, online help and 24/7 Qualys email and phone support, PCI lets you protect cardholder information from breaches. No need to hire costly experts to achieve compliance.

Streamlined scanning and remediation

PCI scans all Internet-facing networks and systems with Six Sigma (99.9996%) accuracy, generates easy to use reports and provides detailed patching instructions for each vulnerability discovered. That way, you’ll make sure you’re meeting the PCI DSS requirements for protecting the collection, storage, processing and transmission of cardholder data.

Support for web app requirement

PCI also covers the standard’s requirement for maintaining secure web applications. Its Web Application Scanning module automates the evaluation of web apps during and after development, ensuring they’re built and maintained securely. The module conducts authenticated and unauthenticated scans within any web app type — custom-built in house, or commercial.

Automated report submission

An auto-submission feature completes the compliance process once you’re finished with remediation. Enter your bank and merchant IDs in your account settings to activate this feature. PCI will send the compliance status report directly to the acquiring banks. You can also download PCI compliance reports in PDF.

Achieve PCI compliance and secure your network

As an Approved Scanning Vendor (ASV), Qualys has been authorized by the PCI Security Standards Council to conduct the quarterly scans required to show compliance with PCI DSS. The cloud-based Qualys PCI solution helps you achieve compliance via a streamlined process that also gives you assurance your network is secure.

  • Benefit from the ASV requirements that Qualys PCI fulfills, including:

    • Disruption-free: When conducting a scan, Qualys PCI doesn’t interfere with the cardholder data system
    • No stealth software installations: Qualys PCI will never install any software on your systems without your knowledge and pre-approval
    • No dangerous tests: Qualys PCI will not conduct tests that overload your systems or cause an outage
    • Conforming reports: Qualys PCI produces reports that conform to the standard’s requirements

  • Follow an easy step-by-step approach and intuitive compliance tips in a user-friendly interface

  • Automatically complete the required quarterly scans, and also scan as often as you like on an ad hoc manner, for PCI compliance and for identifying and remediating vulnerabilities as soon as they appear in your network

  • Scan your network in segments and remediate/re-scan for vulnerabilities on target IPs. No need to scan your entire network

  • Leverage 24/7 online help and email/telephone support for understanding and pursuing compliance

  • Monitor all assets on premises and in private, public or hybrid clouds

  • Scan web apps during and after development to ensure they’re built and maintained securely

Quickly eliminate security threats with detailed remediation instructions

PCI DSS requires businesses to perform a network security scan every 90 days on all Internet-facing networks and systems in accordance with a defined set of procedures. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan. Qualys PCI:

  • Automates and greatly simplifies scanning and remediation

  • Provides easy-to-use reporting of vulnerabilities that will cause you to fail PCI DSS

  • Uses the Qualys Cloud Platform to accurately scan vulnerabilities

  • Provides detailed instructions for each detected vulnerability, with links to verified patches for rapid remediation

Generate reports

Qualys PCI generates two PCI network reports that are similar but intended for different purposes: One designed to offer proof of compliance, and the other to serve as a remediation guide.

  • Generates PCI Executive Report for submitting to the acquiring bank to document PCI compliance. This report provides summary level information only

  • Generates PCI Technical Report for identifying vulnerabilities and prioritizing remediation. This report includes technical details to assist with remediation

  • Includes in the reports an overall PCI compliance status of “passed” or “failed”

    • An overall PCI compliance status of “passed” indicates that all hosts in the report passed the PCI DSS compliance standards set by the PCI Council. A host compliance status is provided for each host. A PCI compliance status of “passed” for a single host/IP indicates that no vulnerabilities or potential vulnerabilities were detected on the host.
    • If you fail the assessment, you can view a list of detected vulnerabilities and potential vulnerabilities, including those that must be fixed to obtain compliance as well as vulnerabilities that we recommend that you fix. View detailed remediation information.

Auto-submit compliance status directly to acquiring bank

Once you have met the validation actions, the Qualys PCI “auto-submission” feature completes the compliance process.

  • Automatically submits compliance status directly to your acquiring banks

  • Allows you to download PCI compliance reports in PDF to submit to your acquiring bank or to assist in remediation efforts

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption & strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at +1 800 745 4355.