Mathias Hoelzli

Meeting PCI requirements with cloud-agents

Discussion created by Mathias Hoelzli on May 12, 2020

We have been meeting PCI requirements by scanning asset groups (IP ranges) monthly with our virtual scanners and saving the PDF and CSV files for auditors to confirm we have scanned our scope. We have some other techniques to ticket vulnerabilities and track remediation, but as we become a more dynamic cloud-based company we are deploying agents everywhere. My concern is educating auditors on the paradigm shift and what evidence will be needed as we move away from scanning and automatically purge agent data when it becomes stale. Look forward to hearing what others are doing.