PCI DSS Scanning in Acunetix 360

Acunetix 360 users can conduct Payment Card Industry (PCI) Scans to receive approved PCI compliance reports for their public websites.

PCI Scans are only available for Acunetix 360 On-Demand users and for websites whose Agent Mode is set to Cloud.

For further information, see PCI DSS Compliance Report.

Prerequisite

Allowlisting requirement

  • Allowlist the following IP address to achieve full PCI coverage: 38.123.140.0/25

Running a PCI DSS scan in Acunetix 360

When configuring a New Scan, you can enable Create PCI Scan to ensure that a PCI Scan is conducted in addition to your Acunetix 360 scan. This additional PCI Scan is related, but not identical, to your Acunetix 360 Scan. Scan Options configured in Acunetix 360 do not affect the PCI Scan and the two scans work independently of each other.

How to run a PCI DSS scan in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. Select the PCI Scan tab while configuring the Scan Options.
  4. Select the Create PCI Scan checkbox.

  1. Configure the remaining settings as required.
  2. Select Launch.
How to run a PCI Group scan in Acunetix 360
  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Scans > New Group Scan.
  3. In the New Website Group Scan window, while configuring the Scan Options, select the Enable PCI Scan checkbox.

  1. Configure the remaining settings as required.
  2. Select Launch.

PCI DSS scan status management in Acunetix 360

Management of the PCI Scan's status is related to your Acunetix 360 scan:

  • If you select Pause on your ongoing Acunetix 360 scan, then the PCI Scan will also pause.
  • If you select Cancel on your Acunetix 360 scan, then the PCI scan will also cancel.

Sometimes, your Acunetix 360 scan might finish before your PCI Scan is completed. If this is the case, you can manage your PCI Scan state in your Scan Report detail UI. It gives you the option to Stop the PCI Scan.

Your Scan Report UI will provide you with information on whether your PCI scan is running, how far it has progressed, and what number and level of issues it has detected so far. If you stop your PCI Scan, your Scan Report UI informs you of this and provides you with the options to Resume or Delete this scan.

Viewing PCI DSS scan results in Acunetix 360

When your PCI Scan is complete, you view the Compliance result on the Report page.

How to view the PCI DSS scan Rresult
  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > Recent Scans.
  3. Next to the relevant scans, select Report.
  4. On the Scan Summary page, select the Export drop-down to download a report.

This PCI Compliance report can come in three formats. This table lists and explains PCI Scan Results Reports.

PCI Scan Results Report

Description

Attestation Report

This is the results report. It contains the compliance result.

Detailed Report

This report contains detailed information about the IP addresses you've scanned and should not be shared with third parties.

Executive Report

This report defines whether or not your environment meets the ASV scanning guidelines set by the PCI security council.

 

« Back to the Acunetix Support Page