PCI Scan Results

Overview (Fortra VM) and details (WAS)

View items needing attention for compliance under PCI Progress. Select PCI Failures and PCI Requires 3b Notes to view and take action on relevant items.

Vulnerabilities

From the scan results, select PCI Failures and PCI Requires 3b Notes (as described above) or navigate to the PCI tab to enter disputes and 3b notes.

IMPORTANT: The PCI tab is accessible only when your user account has an active PCI ASV dispute administration permission and a PCI assessment from a PCI Scan has been completed.

All vulnerability results will be listed and designated with a green PASS or red FAIL badge. All failing vulnerabilities must be resolved and rescanned to show a PASS status for compliance.

  • Right-clicking each vulnerability provides options for filtering and addressing vulnerability disputes.

  • Selecting the vulnerability expands it to show comments and notes from your PCI Analyst.

Use the quick filter options under the More menu to filter for vulnerabilities that are failing or require additional documentation (3b notes).

Once all failed vulnerabilities have been addressed, run your PCI scan again to fulfill PCI requirements for a compliant result.

NOTE: Potential vulnerabilities are required to be reported for PCI compliance. Per the ASV Program Guide, v4.0r2, potential vulnerabilities must be scored the same as confirmed vulnerabilities and must have the same effects on compliance determination. When Fortra VM detects the host's operating system or software version, all vulnerabilities associated with that OS or software version will be listed. This may lead to false positives. If a listed potential vulnerability is a false positive, enter a dispute with evidence that it does not exist on that host. Potential vulnerabilities can be identified by a ? icon and by filtering for "Vuln: detect class is potential." See Include potential CVCs for more details.