Rapid7 PCI Compliance Portal FAQs

What does Rapid7's Certified PCI Compliance service include?

Rapid7's comprehensive and easy-to-use PCI certification service includes:

  • Unlimited access to the web-based PCI Compliance Portal
  • Scheduled quarterly scans
  • Unlimited on-demand scans to retest your system whenever needed
  • Online technical support from CISSP certified security specialists
  • Assistance preparing your security self-assessment questionnaire
  • Assistance creating and implementing your required security policy
  • A Certification of Compliance accepted by all credit companies and all banks worldwide

How does the Rapid7 PCI Compliance Portal help me become PCI certified?

The Rapid7 PCI Compliance Portal enables merchants to run scans that adhere to the PCI requirements, complete a PCI self assessment questionnaire and submit the appropriate compliance reports to acquiring banks. Because Rapid7 is an Approved Scanning Vendor, we are able to provide the certification necessary to prove compliance to your service provider.

Who is Rapid7?

Rapid7 provides vulnerability management and risk assessment solutions that help companies understand the risk of vulnerabilities in their IT environment and ensure their networks are not compromised. Spun off from a group of established software companies, Rapid7 was founded in 1999 by its current principals, who possess extensive technological expertise, sales acumen, and business operations experience. Rapid7 is privately funded and has achieved steady growth by meeting the needs of global enterprises to assess and prevent network vulnerabilities that expose the organization to data security threats and potential legal and financial liabilities.

As a Visa and MasterCard "Qualified Independent Scan Vendor," all credit card companies and banks worldwide accept Rapid7's Certification of PCI Compliance.

If Rapid7 is going to prepare my company's Visa PCI Compliance Report, why isn't Rapid7 on the Visa CISP Assessor List?

Only merchants with over 6 million transactions per year require an on-site audit, conducted by a "Qualified Independent Security Assessor" (Visa CISP Assessor), in addition to the network scans conducted by a "Qualified Independent Scan Vendor" such as Rapid7. Rapid7 has partnered with Coalfire Systems, a Qualified Independent Security Assessor, to offer Level 1 merchants and all levels of payment processors a complete solution that includes an on-site CISP Level 1 Compliance Assessment and quarterly network scans.

What makes the Rapid7 PCI Compliance Portal different than other solutions?

Rapid7's PCI Compliance Portal is built upon NeXpose, our award-winning vulnerability management product, to provide the highly accurate scanning capability required for ensuring your network is safe from hackers. NeXpose goes beyond scanning network devices alone: it also scans for web site and database vulnerabilities that hackers can use to capture credit card information without your knowledge. The Rapid7 PCI Compliance Portal can help you identify and eliminate 4 of the 5 top credit card risks named by Visa: missing or outdated software security patches, use of vendor-supplied default settings and passwords, SQL injection, and unnecessary and vulnerable services enabled by default on servers.

How much does the Rapid7 PCI Compliance Portal cost?

The Rapid7 PCI Compliance Portal offers a quick and cost-effective way to achieve PCI DSS compliance for an annual service fee. Your annual fee provides you with:

  • Unlimited security scans.
  • Unlimited access to the web-based PCI Compliance Portal.
  • Scheduled quarterly scans by an approved scanning vendor.
  • Online technical support from CISSP certified security specialists.
  • Assistance with preparation of your security self-assessment questionnaire.
  • Assistance with creating and implementing your required security policy.
  • Certificate of Compliance accepted by all the acquiring banks worldwide.

Contact Rapid7 Sales to get pricing that suits your particular environment.

How difficult is it for me to complete the PCI compliance process?

The Rapid7 PCI Compliance Portal makes achieving PCI compliance a simple, automated process. The portal helps you identify the systems to be scanned, provides an online self-assessment questionnaire that you can fill out while the scan runs, and then provides automated assistance in delivering the approved PCI documents to your acquiring bank.

How often do I need to scan my Internet facing systems?

All merchants are required to have a network security scan performed at least every 90 days by an approved PCI scanning vendor and to submit the appropriate reports to their merchant bank. Rapid7 is an approved PCI scanning vendor.

What if the scan result shows that my site has vulnerabilities?

Complete instructions for remediating any vulnerabilities found are available within your Vulnerability Management Portal. This information can be made available directly to your web host or IT staff through your Rapid7 account. Online technical support is also available.

What do I do after my web site has been scanned and I have completed the security self assessment?

Within your Vulnerability Management Portal, you can print a PCI compliance report as well as the completed self-assessment form. You may also have Rapid7 submit this information directly to your merchant bank.

Does Rapid7 provide customer support as part of its PCI data security service?

Customer support is available through Rapid7's online portal, where you will find a variety of resources, including interactive tutorials, best practices information, FAQs and online support request forms, to help you understand how to pass the security scans and complete the self-assessment questionnaire.

What if I have already paid for compliance from another PCI security company?

If you are already using another PCI security scanning service, you can easily switch to Rapid7 and save hundreds or thousands of dollars. All credit card companies and all banks accept Rapid7's Certification of PCI Compliance.

Where can I get more information about meeting the PCI standards?

More information, including complete step-by-step instructions for meeting the PCI requirements, is available within your Rapid7 account under the PCI Resources subtab.

How do I sign up?