Introduction to Our Scanning Solution
This user manual provides you with instructions on how to use the Clone Systems Scanning Portal and will help you achieve the following:
- Conduct quarterly external scans of your cardholder data environment so that you can obtain an Attestation of Compliance (AOC) report that you can send to your acquirer or payment brand and comply with requirement 11.2.2 of the Payment Card Industry (PCI) Security Standards Council (SSC).
- Identify and remediate vulnerabilities in your cardholder data environment so that you can improve your security posture.
- Select and complete a PCI SSC self-assessment questionnaire (SAQ) for self-evaluating your organization's compliance with the PCI SSC.
Items you need to get started
- Hostnames / IPs / FQDNs for your cardholder data environment
- Portal Best Practices
Begin by identifying the Hostnames / IP addresses / FQDNs for all the components in your cardholder data environment that should be in scope for PCI SSC. Identifying the proper scope is the sole responsibility of the client.
- Whitelisting PCI ASV External Scanners: External Scanner Range (38.123.140.0/25)
- Limit scans to 100 IPs per target and use report combining to merge and compile final reports.