Merchant Certificate of Compliance

Transcription:

Merchant Certificate of Compliance

Awarded To: Consolid S.R.L. (55504923)
Self-Assessment Questionnaire Passed: SAQ D, v3.2r1.1
Date Awarded: 03/01/2018
Most Recent Scan Date: 06/04/2018
Certificate Number:

This is to certify that the named merchant has completed the proper Self-Assessment Questionnaire and associated remediation activities using the ExpertPCI™ program, and has been found PCI compliant per the PCI Security Standards, as set forth by the Payment Card Industry Security Standards Council and endorsed by the major payment brands.

Based upon the information provided by the merchant regarding their policies, procedures and technical systems that store, process and/or transmit cardholder data, and the ASV scans of those systems (as required), the merchant has satisfactorily met the requirements of PCI DSS on the date of issue. No other guarantees are given.

This certificate of compliance should be printed and kept on file, in the event the merchant is required to show validation of PCI DSS compliance. It is the merchant's responsibility to maintain current and ongoing PCI DSS compliance. If scans have been completed, current scan reports should be kept with the certificate of compliance.

1st Secure IT LLC makes no representation or warranty to any third party as to whether the merchant's systems are secure or protected from attack and/or breaches, or whether cardholder data is at risk of being compromised. 1st Secure IT LLC accepts no liability to any third party in the event of loss or damage of any description caused by any failure in or breach of the merchant's security. This certificate is for the sole purpose of identifying compliance and cannot be used for any other purpose.

03201801492301
Mark Akins, CISSP, PCI QSA

ASV Scan Report - Attestation of Scan Compliance

1. Scan Customer Information
Company: Consolid S.R.L.
Contact Name: Javier Aszerman
Job Title: Administrator
Telephone: 5229654987
E-mail: java@javans.tech
Business Address: Paraguay 866, 8 A
City: Buenos Aires
State/Province:
ZIP: 10818
Country:
URL:

2. Approved Scanning Vendor Information
Company: SAINT Corporation
Contact Name: SAINT ASV Staff
Job Title: IT Security Consultant
Telephone: 301-656-0521
E-mail: asvstaff@saintcorporation.com
Business Address: 4720 Montgomery Lane Suite 800
City: Bethesda
State/Province: MD
ZIP: 20814
Country:
URL: http://www.saintcorporation.com

3. Scan Status
Date scan completed: Mar. 1, 2018
Scan expiration date (90 days from scan date): May 30, 2018
Compliance Status: PASS
Scan Report Type: Full scan
Number of unique in-scope components scanned: 2
Number of identified failing vulnerabilities: 0
Number of components found by ASV but not scanned because scan customer confirmed they were out of scope: 2

4. Scan Customer Attestation
Consolid S.R.L. attests on March 1, 2018 that this scan (either by itself or combined with multiple, partial, or failed scans/rescans, as indicated in the above Section 3, "Scan Status") includes all components which should be in scope for PCI DSS, that any component considered out of scope for this scan is properly segmented from my cardholder data environment, and that any evidence submitted to the ASV to resolve scan exceptions, including compensating controls if applicable, is accurate and complete. Consolid S.R.L. also acknowledges 1) accurate and complete scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.
Signature:
Name:
Title:

5. ASV Attestation
This scan and report were prepared and conducted by SAINT Corporation under certificate number 4268-01-10, according to internal processes that meet PCI DSS Requirement 11.2.2 and the ASV Program Guide. SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, 3) compensating controls (if applicable), and 4) active scan interference. This report and any exceptions were reviewed by SAINT ASV Staff.

Scan Session: mid236748; Scan Policy: PCI; Scan Data Set: 1 March 2018 17:23

SAINTwriter Assessment Report
Report Generated: March 2, 2018

1 Introduction
On March 1, 2018, at 5:23 PM, a PCI assessment was conducted using the SAINT 9.2.1 vulnerability scanner. The scan discovered a total of two live hosts, and detected zero critical problems, zero areas of concern, and zero potential problems. The hosts and problems detected are discussed in greater detail in the following sections.

2 Summary
The following vulnerability severity levels are used to categorize the vulnerabilities:

CRITICAL PROBLEMS: Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service.

AREAS OF CONCERN: Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack.

POTENTIAL PROBLEMS: Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary.

SERVICES: Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable.

The sections below summarize the results of the scan.

2.1 Vulnerabilities by Severity
This section shows the overall number of vulnerabilities and services detected at each severity level.

2.2 Hosts by Severity
This section shows the overall number of hosts detected at each severity level. The severity level of a host is defined as the highest vulnerability severity level detected on that host.

2.3 Vulnerabilities by Class
This section shows the number of vulnerabilities detected in each vulnerability class.

Class | Description
Web | Vulnerabilities in web servers, CGI programs, and any other software offering an HTTP interface
Mail | Vulnerabilities in SMTP, IMAP, POP, or web-based mail services
File Transfer | Vulnerabilities in FTP and TFTP services
Login/Shell | Vulnerabilities in ssh, telnet, rlogin, rsh, or rexec services
Print Services | Vulnerabilities in lpd and other print daemons
RPC | Vulnerabilities in Remote Procedure Call services
DNS | Vulnerabilities in Domain Name Services
Databases | Vulnerabilities in database services
Networking/SNMP | Vulnerabilities in routers, switches, firewalls, or any SNMP service
Windows OS | Missing hotfixes or vulnerabilities in the registry or SMB shares
Passwords | Missing or easily guessed user passwords
Other | Any vulnerability which does not fit into one of the above classes

2.4 Vulnerabilities by Subnet
This section shows the number of vulnerabilities detected at each severity level for each subnet that was scanned.

2.5 Hosts by Subnet
This section shows the overall number of hosts detected at each severity level for each subnet that was scanned. The severity level of a host is defined as the highest vulnerability severity level detected on that host.

2.6 Vulnerabilities per Class by Subnet
This section shows the number of vulnerabilities detected per subnet in each vulnerability class.
(chart: subnets 35.170.84 and 34.227.166)

2.7 Top 10 Vulnerable Hosts
This section shows the most vulnerable hosts detected, and the number of vulnerabilities detected on them.

3 Overview
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

3.1 Host List
This table presents an overview of the hosts discovered on the network.

Host Name | Netbios Name | IP Address | Host Type | Critical Problems | Areas of Concern | Potential Problems
ec2-34-227-166-198.compute-1.amazonaws.com | | 34.227.166.198 | | 0 | 0 | 0
ec2-35-170-84-50.compute-1.amazonaws.com | | 35.170.84.50 | | 0 | 0 | 0

3.2 Vulnerability List
This table presents an overview of the vulnerabilities detected on the network.

Host Name | Severity | Vulnerability / Service | Class | CVE | Exploit Available?
ec2-34-227-166-198.compute-1.amazonaws.com | nothing to report
ec2-35-170-84-50.compute-1.amazonaws.com | nothing to report

4 Details
The following sections provide details on the specific vulnerabilities detected on each host.

4.1 ec2-34-227-166-198.compute-1.amazonaws.com
IP Address: 34.227.166.198
Scan time: Mar 01 17:19:19 2018
nothing to report

4.2 ec2-35-170-84-50.compute-1.amazonaws.com
IP Address: 35.170.84.50
Scan time: Mar 01 17:23:00 2018
nothing to report

Copyright 2001-2018 SAINT Corporation. All rights reserved.

ASV Scan Report Executive Summary
Report Generated: March 2, 2018

Part 1. Scan Information
Scan Customer Company: Consolid S.R.L.
ASV Company: SAINT Corporation
Date scan was completed: March 1, 2018
Scan expiration date: May 30, 2018

Part 2. Component Compliance Summary
Component | PCI Compliant?
34.227.166.198 | PASS
35.170.84.50 | PASS

Part 3a. Vulnerabilities Noted for each Component
Component:Port | Vulnerability / Service | CVE | PCI Severity | CVSSv2 Base Score | PCI Compliant? | Exceptions, False Positives, or Compensating Controls Noted by the ASV for this Vulnerability
34.227.166.198 | nothing to report
35.170.84.50 | nothing to report

Part 3b. Special Notes by Component
Component | Special Note | Item Noted | Scan customer's description of action taken and declaration that software is either implemented securely or removed

Part 3c. Special Notes - Full Text

Part 4a. Scope Submitted by Scan Customer for Discovery
34.227.166.198
35.170.84.50

Part 4b. Scan Customer Designated "In-Scope" Components (Scanned)
34.227.166.198 / ec2-34-227-166-198.compute-1.amazonaws.com
35.170.84.50 / ec2-35-170-84-50.compute-1.amazonaws.com

Part 4c. Scan Customer Designated "Out-of-Scope" Components (Not Scanned)
207.171.188.4 / amazon-smtp.amazon.com (mail exchanger for ec2-34-227-166-198.compute-1.amazonaws.com) - Scan customer attests that IP address is not in scope.
72.21.206.80 / www.amazonaws.com (in same domain as ec2-35-170-84-50.compute-1.amazonaws.com) - Scan customer attests that IP address is not in scope.