Network discovery capabilities and the introduction of PCI Connect features highlight the new release.
QualysGuard PCI 4.0 offers merchants and acquirers the following new features:
- Discovery of live devices to help merchants define systems that are in scope for PCI.
- Automated referral program where merchants connect directly with partners offering PCI DSS solutions to validate PCI requirements within the Self Assessment Questionnaire (SAQ).
- Merchants can upload evidence to support SAQ validation in multiple formats including documents and images. This may include reports from log management systems, firewall or other device configuration settings, security policies and procedures, and anything else the merchant wishes to attach to the submission. The merchant can also chose whether or not they want to share that detail with the acquirer.
- PCI Connect technology partners can provide XML uploads from their solutions for SAQ validation. Such XML data includes a summary of compliance posture for any of the requirements in the SAQ. Technology partners that joined PCI Connect include AirTight Networks, Core Security, Imperva, RedSeal Systems, Splunk and Third Brigade.
- Acquiring banks have additional security controls of merchants when validating merchants for compliance. This assists acquires to evaluate whether merchants have met PCI requirements and whether sufficient evidence has been submitted for validation.
"QualysGuard PCI 4.0 helps merchants of all sizes better scope their PCI efforts upfront and provides the necessary workflows to connect them with leading PCI DSS solutions in order to complete the SAQ and furnish evidence of compliance. It also provides acquiring banks with a centralized view of the security posture of their merchants and therefore better assessing their risk profile," said Philippe Courtot, CEO and Chairman of Qualys.