I received the below question from one of my prospect who is looking into our Policy Compliance to complete her PCI compliance effort:
Can anyone help me with the below questions?
In your document “Mapping QualysGuard Suite to the PCI Data Security Standard Requirements” (see attached), point 10 is not mentioned at all – meaning that your application doesn’t fulfil the PCI Requirement 10 section. But that document is from 2008 and was made for PCI 1.2. Do you have anything more recent document for PCI 2.0?
"Can you also confirm that your log monitor can collect Application,
Security and Systems logs as well from Windows Event Viewer? Can you
send a screenshot?
Have you had a chance to find out if your QualysGuard can scan for
credit card numbers in files and databases? Can you send a screenshot?"