AnsweredAssumed Answered

PCI Scan Sharing & Linking

Question asked by Bernie Weidel on Feb 22, 2016

Launching your PCI Scan in Qualys:

As a Qualys Customer you can run your PCI Scans in Qualys by going to Scans > Scans > New > Scan. The Launch Vulnerability Scan page will then ask you for a Title, Option Profile, Scanner Appliance & Assets. You must select correctly for your scan to be eligible for PCI Certification.

-You can use any Title you wish

-You must use the "Payment Card Industry (PCI) Options (System)" scan profile. You can simply type in PCI to quickly pull up all profiles with PCI in the titles

-You must use the "External" Scanner option

-You must use External IP's

You can then click launch for your PCI Scan to run.

*Please note you can run 1 large scan for PCI, or several smaller scans. You just need to be sure to Share all required scans to the Qualys PCI Portal afterwards for PCI Certification.



Sharing your PCI Scan from Qualys to your PCI Portal:

Once your PCI Scans have completed you can go to Scans > Scans and click on the Scan Title to populate the bottom window in the interface with the scan preview details. In that bottom window you will see a link for View Summary, View Results & Share with PCI. Click on the Share with PCI link to share your scan to your PCI Portal for Certification & Reporting.



Navigating your PCI Portal to complete PCI Certification & Reporting:

You can then refer to our PCI Walkthrough Video for assistance in navigating the PCI Portal, where you can submit False Positive Exceptions and Generate your Final Certified Report with Attestation and Submit the report to your Bank. Walkthrough: QualysGuard PCI 5.0



Setting up your initial PCI Account Link:

If you do not see the "Share with PCI" link then please follow the below instructions to Setup a Link:

Go to Scans > Setup > PCI Account Links:


Option A) If you already have a PCI Portal account click "Add Existing PCI Account" to input your Username & Password to your PCI Portal.

Please note the PCI Portal username includes an @ sign and will typically be your email address.


Option B) If you don't already have a PCI Portal account click "Create New PCI Account" to create one for reporting purposes. Then you can go back to the above step to Share your PCI Scan.


Please note your PCI Account will be for reporting only, and so it will show 0 IP's by default. You do not need to add in your IP's in your PCI Portal. The system will dynamically import the IP's when you share the scan per the above instructions.