E-commerce (SAQ-A) merchants accepting credit and debit cards are required to submit a PCI Attestation of Scan Compliance in the PCI Compliance Manager portal each quarter as evidence their e-commerce sites are meeting the PCI external scan requirements. This form will start that attestation request process. Once the scanning vendor (Tenable) completes the attestation report it will be provided back to you as an update to this ticket.
Prerequisites
A regular PCI compliance external scan must be scheduled and a passing scan achieved before an attestation can be completed. See the PCI - External Scan Request service offering.
Additional Information
You are in the right place if you have received a message like this:
From: PCI Compliance Manager <noreply@pcicompliancemanager.com>
Subject: Compliance Scans Required Soon
"It’s time to run your compliance scans"
Compliance Information
This service can help meet PCI DSS requirements bellow:
11.3 External and internal vulnerabilities are regularly identified, prioritized, and addressed.
11.3.2 External vulnerability scans are performed as follows:
- At least once every three months.
- By PCI SSC Approved Scanning Vendor (ASV).
- Vulnerabilities are resolved and ASV Program Guide requirements for a passing scan are met.
- Rescans are performed as needed to confirm that vulnerabilities are resolved per the ASV Program Guide requirements for a passing scan.
Support
For the most efficient support experience, please submit a ticket using the request form on this page. Alternatively, contact your campus Help Center location via email, by phone, or in person.