PCI DSS Scanning in Acunetix 360

This article explains how to run a PCI DSS scan in Acunetix 360 for individual websites and groups.

NOTE: A normal scan in Acunetix 360 presents only an unofficial PCI DSS Report. For further information on how to generate reports following scans, refer to PCI DSS Compliance Report.

What is a PCI DSS scan?

Acunetix 360 users can conduct Payment Card Industry Data Security Standard (PCI DSS) scans to receive approved PCI DSS compliance reports for their public websites.

To generate an approved PCI DSS Report in Acunetix 360, you must first configure the scan to generate PCI DSS scan information. If you are not allowed to start a PCI scan, please contact our sales team at sales@acunetix.com, so the team can change your product plan.

Running a PCI DSS scan in Acunetix 360

IMPORTANT: PCI DSS scans are only available for Acunetix 360 On-Demand users and for websites whose Agent Mode is set to Cloud.

When configuring a new scan, you can enable Create PCI Scan to ensure that a PCI scan is conducted in addition to your Acunetix 360 scan. This additional PCI scan is related, but not identical, to your Acunetix 360 Scan. Scan options configured in Acunetix 360 do not affect the PCI scan, and the two scans work independently of each other.

Prerequisite

  • Allowlist the following IP address range to achieve full PCI coverage: 38.123.140.0/24
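
One way to confirm the allowlist took effect is to check web server or proxy access logs for scanner requests that received a blocking response. The following is an added example, not part of Acunetix 360 or its documentation; it assumes combined-format access logs, and the set of status codes treated as blocked is an assumption to adjust for your WAF or proxy.

```python
import ipaddress
import re

# Scanner source range from the prerequisite above.
PCI_SCANNER_NET = ipaddress.ip_network("38.123.140.0/24")
# Status codes treated as "blocked" here; an assumption, adjust to your WAF/proxy.
BLOCKED_STATUSES = {403, 406, 429, 503}

# Common/combined log format: client IP first, status after the quoted request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def summarize_scanner_traffic(lines):
    """Count requests from the scanner range and how many were blocked, per IP."""
    total = 0
    blocked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        try:
            client = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is a hostname or garbage, not an IP
        if client not in PCI_SCANNER_NET:
            continue  # traffic from outside the scanner range is ignored
        total += 1
        if int(m.group(2)) in BLOCKED_STATUSES:
            blocked[str(client)] = blocked.get(str(client), 0) + 1
    return {"total": total, "blocked": blocked}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '38.123.140.17 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '38.123.140.17 - - [01/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 403 153',
    '38.123.141.5 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 403 153',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512',
    'malformed line',
]

if __name__ == "__main__":
    result = summarize_scanner_traffic(SAMPLE_LOG)
    print(f"requests from scanner range: {result['total']}")
    for ip, count in sorted(result["blocked"].items()):
        print(f"  {ip}: {count} blocked response(s); check the allowlist")
```

A blocked count of zero with a non-zero total suggests the range is reaching the site unfiltered. A 403 can also come from the application itself, so review the flagged requests before changing firewall or WAF rules.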

How to run a PCI DSS scan in Acunetix 360

  1. Log in to Acunetix 360.
  2. Select Scans > New Scan from the main menu.
  3. Select the PCI Scan tab while configuring the scan options.
  4. Enable the Create PCI Scan checkbox.
  5. Configure the remaining settings as required.
  6. Click Launch to start the scan.

NOTE: Your Acunetix 360 scan might finish before your PCI Scan is completed.

  • If you select Pause on your ongoing Acunetix 360 scan, then the PCI Scan will also pause.
  • If you select Cancel on your Acunetix 360 scan, then the PCI scan will also be canceled.

How to run a PCI DSS group scan in Acunetix 360

  1. Log in to Netsparker Enterprise.
  2. Select Scans > New Group Scan from the main menu.
  3. Select the Create PCI Scan checkbox.
  4. Configure the remaining settings as required.
  5. Click Launch to start the scan.

NOTE: Your Acunetix 360 scan might finish before your PCI Scan is completed.

  • If you select Pause on your ongoing Acunetix 360 scan, then the PCI Scan will also pause.
  • If you select Cancel on your Acunetix 360 scan, then the PCI scan will also be canceled.

How to view the PCI DSS v3.2 Compliance reports

  1. Log in to Acunetix 360.
  2. Select Scans > Recent Scans from the main menu.
  3. Select Report to the right of the relevant scan.
  4. Click the Export drop-down and select one of the PCI DSS v3.2 Compliance report options:
     • Attestation Report: This is the results report. It contains the compliance result.
     • Detailed Report: This report contains detailed information about the IP addresses you've scanned and should not be shared with third parties.
     • Executive Report: This report defines whether or not your environment meets the ASV scanning guidelines set by the PCI security council.

Your report automatically starts downloading and can be viewed from your default download location.

 
