What criteria cause a Pass or Fail on a PCI scan?
Each post-scan HackerGuardian vulnerability report states a PCI compliance status of 'Compliant' or 'Not Compliant' based on the discovery of potential security flaws on your systems.
The following table shows the official PCI severity ratings and their HackerGuardian equivalent names.
| PCI Severity Rating | HackerGuardian Severity Rating |
|---|---|
| 5 – Urgent – Trojan Horses, file read and write exploit, remote command execution | Security Hole |
| 4 – Critical – Potential Trojan Horses, file read exploits | Security Hole |
| 3 – High – Limited exploit of read, directory browsing and Denial of Service | Security Hole |
| 2 – Medium – Sensitive information can be obtained by hackers on configuration | Security Warning |
| 1 – Low – Information can be obtained by hackers on configuration | Security Information/Note |
If no vulnerabilities of severity level 3, 4 or 5 (named 'security holes' in HackerGuardian) are detected, then the scanned IP addresses, hosts and internet-connected devices have passed the test and the report can be submitted to your acquiring bank.
If the report indicates 'Non Compliant', then the merchant or service provider must remediate the identified problems and re-run the scan until compliance is achieved.