
New PCI Compliance Rules to Impose Significant Burdens on Merchants
netVigilance Issues Urgent Bulletin: Ten Actions Merchants Must Immediately Take To Avoid PCI Failure
BEAVERTON, Ore., April 2 /PRNewswire/ -- netVigilance, the only vulnerability assessment and PCI Approved Scanning Vendor (ASV) vendor that goes Beyond Compliance to detect up to 97% of all common vulnerabilities, today issued an urgent bulletin warning all merchants and retailers subject to PCI-DSS Compliance that new PCI regulations significantly increase their chances of PCI failure during mandatory quarterly external vulnerability scans, unless merchants take corrective actions. Full details can be found in the press release (http://bit.ly/bTZEPz) or slide presentation (http://bit.ly/9LVnmv).
Ten Actions Merchants Must Immediately Take To Avoid PCI Failure
- Ensure and verify previously out-of-scope components will pass PCI before your next quarterly scan.
- Ensure that your hosted environment obtained a "pass" on its ASV scan. If your ISP will not grant permission or cannot pass, change to one who will.
- Remove otherwise secure database servers from direct exposure on the Internet by placing them behind firewalls.
- Scan your website specifically for HTTP Response splitting/header injection.
- Verify that the DNS server holding your domains does not allow DNS Zone Transfers.
- Make sure your ASV does not rely on a fully automated process to keep pricing low; new rules mandate that every scan be reviewed by a professional Security Engineer qualified by PCI.
- First turn off SSL v2, because SSL v2 is considered an insecure (weak) protocol. Then, ensure that you are using TLS 1.0 and that backwards compatibility with SSL v2 is turned off.
- Remove all non-critical uses of all remote access software: pcAnywhere™, VNC, RDP, and even VPN.
- Move all POS systems behind the firewall.
- A specific employee must attest that "proper scoping of the external scan is my company's responsibility."
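The fourth action above asks merchants to scan their websites for HTTP response splitting and header injection. The following is an added illustration, not code from netVigilance or the bulletin, of the defect those scans look for: a response builder that copies a user-supplied value (such as a redirect target) into a header must refuse carriage-return, line-feed and NUL characters, because those are what let one header line end and another begin. The header names and sample values are constructed for this example.

```python
"""Added example (not netVigilance code): refusing header values that would
split an HTTP response, the weakness an ASV scan flags as HTTP Response
splitting / header injection.
"""
import re

# CR, LF and NUL may not appear in an HTTP/1.1 header field name or value;
# their presence is what turns one header into two.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def header_is_safe(name: str, value: str) -> bool:
    """True when neither the field name nor its value contains CR, LF or NUL."""
    return not (_FORBIDDEN.search(name) or _FORBIDDEN.search(value))


def unsafe_headers(headers: dict) -> list:
    """Return the names of headers whose name or value would split the response."""
    return [name for name, value in headers.items() if not header_is_safe(name, value)]


def build_response(status_line: str, headers: dict, body: bytes = b"") -> bytes:
    """Serialise a minimal HTTP/1.1 response, refusing any header that would split it.

    Raising ValueError instead of emitting the header means a tainted value
    (e.g. a redirect target copied from a query parameter into Location)
    can never add headers of its own.
    """
    bad = unsafe_headers(headers)
    if bad:
        raise ValueError("CR/LF or NUL in header(s): " + ", ".join(bad))
    lines = ["HTTP/1.1 " + status_line]
    lines += [name + ": " + value for name, value in headers.items()]
    lines.append("Content-Length: " + str(len(body)))
    head = "\r\n".join(lines) + "\r\n\r\n"
    return head.encode("ascii") + body


if __name__ == "__main__":
    # Constructed sample values: a clean redirect target and one carrying a line break.
    clean = {"Location": "https://shop.example/checkout"}
    print(build_response("302 Found", clean).decode())
    tainted = {"Location": "https://shop.example/\r\nX-Injected: 1"}
    print("headers that would split the response:", unsafe_headers(tainted))
```

In a real application the same check belongs wherever a framework lets code set headers from request data; most modern web frameworks already reject CR and LF in header values, and a quarterly ASV scan is the confirmation that the deployed stack does so too.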
About netVigilance
netVigilance is the fastest growing vulnerability detection and assessment company, because it goes Beyond Compliance to detect up to 97% of common network vulnerabilities, far more than any competitor. netVigilance focuses exclusively on solutions for Network Vulnerability Detection and Assessment, including PCI Compliance. It is an active member of the PCI ASV Task Force and the CVSS SIG. For more information, visit www.netvigilance.com.
netVigilance, Beyond Compliance, Total Coverage and Total Vigilance are trademarks of netVigilance. All other trademarks are the properties of their respective owners.
SOURCE netVigilance