External vulnerability scanning in the payment card industry


In May 2024, the National Payment Card System (NSPK JSC) published version 1.6 of “Security Programme. Mir Payment System Standard”. The Programme's requirements include, among others, external vulnerability scanning carried out by a vulnerability scanning service provider located in Russia and certified by the Payment Card Industry Security Standards Council (PCI SSC). The provider must have Approved Scanning Vendor (ASV) status to confirm compliance with the PCI DSS standard. The requirement is not new, but it still raises a number of questions. Yulia Danilova, a current QSA auditor at Deiteriy, answers the most frequently asked ones.


Journal:  PLUS №7-8 (315-316), 2024
