PCI DSS Compliance: Handling False Positives

Nessus Plugin ID 60020

Synopsis

Notes the proper handling of false positives in PCI DSS scans.

Description

Note that, per PCI Security Standards Council (PCI SSC) standards, if the version of the remote software is known to contain flaws, a vulnerability scanner must report it as vulnerable. The scanner must still flag it as vulnerable even where a workaround or mitigating configuration option is in place. As a result, the scanner will issue false positives by PCI SSC design.

It is recommended that any workarounds and mitigating configurations that are in place be documented, including technical details, so that they can be presented to a third-party PCI auditor during an audit.

Plugin Details

Severity: Info

ID: 60020

File Name: pci_false_positive_exp.nasl

Version: 1.3

Type: summary

Published: 7/18/2012

Updated: 4/4/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/ParanoidReport, Settings/PCI_DSS