IPs to scan for PCI compliance

Question asked by Craig Dunn on Apr 2, 2014

Hi Folks.


This is my first post here and it's a real newbie question... I am unsure about which IPs have to be included in PCI compliance scans.


The words "Your account must include all Internet-facing IP addresses and/or ranges. If you have domains that host in-scope PCI infrastructure you need to configure your account to also include these domains." are surely intended to answer my question, but they don't. They create the confusion and uncertainty I'm feeling!


I have a handful of sites on my server, but only one which touches credit card info. Do they all have to be scanned, or just the "hot" one?


The map-scan of showed only one scannable IP, the named domain itself - so is that the only one I need in my account?


I would very much appreciate all comments and explanations which help to clear this up for me!




Craig Dunn