Vulnerability Scans in Compliance with Payment Card Industry Data Security Standards (PCI DSS)
OFFICE OF RECORD: Business Office
ISSUED BY: Vice President for Business Affairs
APPROVED BY: Douglas D. Knowlton, Pres
EFFECTIVE DATE: 11/01/2010 01-12-06
In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, Dakota State University has established a formal policy for conducting vulnerability scans. This policy will be evaluated on an annual basis.
This policy applies to all systems that are subject PCI DSS requirements.
Dakota State University will conduct quarterly internal/external vulnerability scans for all hosts in the campus cardholder data environment. Audited external scans will be performed by an authorized third party. Internal scans will be performed by the Network Security Officer. Logs of the quarterly internal/external scans will be provided to the Controller.