Vulnerability Scans in Compliance with Payment Card Industry Data Security Standards (PCI DSS)

OFFICE OF RECORD: Business Office
ISSUED BY: Vice President for Business Affairs
APPROVED BY: Douglas D. Knowlton, Pres
EFFECTIVE DATE: 11/01/2010                                                        01-12-06

01-12-06

Purpose

In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, Dakota State University has established a formal policy for conducting vulnerability scans. This policy will be evaluated on an annual basis.

Scope

This policy applies to all systems that are subject PCI DSS requirements.

Policy

Dakota State University will conduct quarterly internal/external vulnerability scans for all hosts in the campus cardholder data environment. Audited external scans will be performed by an authorized third party. Internal scans will be performed by the Network Security Officer. Logs of the quarterly internal/external scans will be provided to the Controller.


Last Updated: 1/24/12