PCI DSS 4.0 adds new requirements related to vulnerability scanning authentication, asset classification, file access management, cloud security, and much more. Are you ready? Qualys can help.
PCI DSS 4.0 introduces a more flexible and risk-based approach to cybersecurity compared to its predecessor, PCI DSS 3.2.1. This updated standard emphasizes continuous monitoring and allows organizations to tailor their security measures to align with their unique risks and business priorities. By enabling customization based on real-world scenarios, such as adopting cloud-native solutions for large cloud infrastructures, companies can implement more effective controls while maintaining compliance.
Under PCI DSS 4.0, firms are encouraged to adopt a risk-based approach to cybersecurity implementation. By leveraging robust threat intelligence, organizations can better understand and prioritize their true risks, ensuring efficient resource allocation and faster resolution of critical issues. This proactive stance enhances overall security posture and helps businesses stay ahead of evolving cyberthreats. The Qualys Enterprise TruRisk Platform includes more than a dozen apps that can help ensure audit-ready compliance with PCI DSS 4.0.
The Qualys Enterprise TruRisk platform enhances risk-based analysis and prioritization for vulnerability management and patching requirements by using the Qualys TruRisk score and comprehensive threat intelligence.
Qualys Policy Compliance (PC) continuously validates privileged account access. Inappropriate accounts can be identified and removed using remediation capabilities. Qualys PC includes controls for password complexity and password history settings to ensure that passwords are sufficiently complex and cannot be used indefinitely.
Qualys Patch Management (PM) ensures adherence to PCI DSS 4.0 timely patch requirements by providing one console to patch everything using a prioritized risk-based approach.
The Qualys Enterprise TruRisk Platform extends File Integrity Monitoring (FIM) with real-time monitoring of unauthorized access to sensitive data and configuration change detection on network devices.
Qualys CyberSecurity Asset Management (CSAM) discovers all assets with complete business context for all cardholder data environment (CDE) external facing assets.
Qualys Vulnerability Management, Detection & Response (VMDR) includes Qualys PCI ASV. Requirements for external scanning can be met as Qualys is an Approved Scanning Vendor (ASV). Qualys VMDR also covers all the new requirements for internal scanning authentication.
For each requirement, testing procedures require the examination of documented policies and procedures. The roles and responsibilities for performing activities in each PCI requirement need to be documented, which can be done using the Qualys Security Assessment Questionnaire (SAQ).
PCI DSS 4.0 has been expanded to cover cloud infrastructure and components, both external and on premises. This includes instantiations of containers or images, virtual private clouds, cloud-based identity and access management, CDEs residing on premises or in the cloud, service meshes with containerized applications, and container orchestration tools. Qualys TotalCloud (TC) covers these requirements.
Qualys Compliance Solutions are built natively into the Enterprise TruRisk Platform. Combined with VMDR, customers can:

Create compliance dashboards to highlight compliance gaps and provide pre-built templates, profiles, and policies to achieve full compliance.
Measure, communicate, and eliminate cyber risk across the global hybrid IT environment.
Clearly report and articulate risk to internal and external compliance stakeholders across 950 policies, 20,000 controls, and 100 regulations.
The Enterprise TruRisk Platform provides you with a unified view of your entire cyber risk posture so you can efficiently aggregate and measure all Qualys and non-Qualys risk factors in one place, communicate cyber risk with context to your business, and go beyond patching to eliminate the risk that threatens the business in any area of your attack surface.
