The Initial Data Collection Process

A challenging aspect of ensuring your clients’ PCI compliance is gathering and organizing the vast amount of necessary data. Network Detective makes this easy by giving you a central repository to safely and securely collect the information.

The Pre-Scan Questionnaire

This initial questionnaire should be completed before starting any scans. It is used to gather preliminary information regarding the target site.

Network & Local Quick PCI Scans

Run the non-intrusive Network Detective Local Quick PCI scanner on the network, as well as any PCs your customers are using in association with credit card data activity. It typically takes less than one minute to perform the quick scan on an individual machine.

External Vulnerability Scan

An external vulnerability scan can be initiated remotely, either before or after the other automated scans. This scan is included with your subscription, so you’re free to run an unlimited number at no extra charge. Many MSPs run these routinely before ordering a certified scan from an ASV to make sure they will pass.

ASV External Vulnerability Scan

Clients who accept credit cards must have an external vulnerability scan performed on a quarterly basis by an Approved Scanning Vendor (ASV). MSPs cannot perform the scan themselves. We’ve partnered with ASV to make these affordable certified scans available to order easily from inside the Network Detective application. There is a small quarterly charge for each scan, which you can bill to your client or include as part of your on-going PCI compliance services.

Internal Vulnerabilities Scan

Expand the scope of your review by including an internal vulnerabilities scan in your assessment by attaching a Network Detective Inspector appliance to the Cardholder Data Environment (CDE). Whether you do a limited “PCI check-up” or go all-out with a full PCI Data Security Standards assessment, the data collected from the scans is automatically correlated and seamlessly integrated into your reports. No need to copy and paste the results from different tools into a single document.  It’s all done for you.

The Cardholder Data Environment ID and Deep Scan

Once you’ve gathered the initial data and uploaded it into the Network Detective application, the tool will generate customized worksheets based on the preliminary data collected that will allow you to identify components of the Cardholder Data Environment. A PCI Deep Scan, which includes a “deep-dive” Primary Account Number (PAN) scan, should be run on all computers identified as belonging to the Cardholder Data Environment (CDE). You can also run the PCI Deep Scan on a sampling of computers outside the CDE to see if credit card data is being stored outside the CDE.

Documenting Exceptions and Compensating Controls

The next step is to have the tool generate a Compensating Controls Worksheet, which will list issues that have been identified. You will note any exceptions and add further explanations as well as detail any Compensating Controls that your client has put in place to comply with PCI.