McAfee TSA00M005PAA Processor Guide - Page 123
Overview of the certification process, Types of devices to scan
UPC - 731944556253
View all McAfee TSA00M005PAA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 123 highlights
Using the SaaS Vulnerability Scanning Service Overview of the certification process Overview of the certification process This is the high-level process for maintaining compliance with certification standards for your network. PCI certification To maintain compliance with the PCI certification standards: 1 Take the self-assessment questionnaire. This is available on the PCI tab of the SaaS vulnerability scanning portal. It helps you identify the tools used by your website to process customer payment data. 2 Add devices to scan and configure scanning options. For Service Level, select Devices PCI. The Scan Frequency defaults to Quarterly, per the requirements for certification. You can also perform on-demand scans as needed. 3 View results of the scans and suggested remediation tasks (if vulnerabilities were found). Results and instructions for obtaining documentation to certify your compliance are provided on the portal. McAfee SECURE Trustmark To maintain compliance with the standards for McAfee SECURE trustmark: 1 Take the self-assessment questionnaire. (Recommended) This is available on the PCI tab of the SaaS vulnerability scanning portal. It helps you identify the tools used by your website to process secure information. 2 Add devices to scan and configure scanning options. For Service Level, select Devices McAfee SECURE. The Scan Frequency defaults to Daily, per the requirements for certification. You can schedule additional scans as needed. 3 Copy the trustmark code and place it on your website. The code and instructions for using it are available on the portal. 4 View results of the scans and suggested remediation tasks (if vulnerabilities were found). Results and instructions for obtaining documentation to certify your compliance are provided on the portal. If severe vulnerabilities are not resolved within 72 hours, the trustmark code becomes invisible on your site and an action item is displayed on the SecurityCenter. When the vulnerabilities are resolved and the site is scanned successfully, then the trustmark code becomes visible on your site again. Types of devices to scan Scans target two types of network components. • D evice - A single host, IP address, or domain name. • N etwork - A range of IP addresses. These scan targets are called devices on the SaaS vulnerability scanning portal. Before running scans, you must add each device you want to scan to your account on the SaaS vulnerability scanning portal. If you are unsure of the IP addresses to add, you can add a domain name and run a discovery scan to identify the IP addresses. 123 McAfee Total Protection Service Product Guide