Creating a PCI compliance report

In IBM QRadar Vulnerability Manager, you can create and run a PCI compliance report.

The PCI compliance report demonstrates that your assets involved in PCI activities comply with security precautions that prevent outside attack.

Before you begin

Ensure that you ran a PCI compliance scan.

Procedure

  1. Click the Reports tab.
  2. On the toolbar, select Actions > Create.
  3. Click Weekly and then click Next.
  4. Click the undivided report layout that is displayed on the upper left section of the report wizard and click Next.
  5. Type a Report Title.
  6. In the Chart Type list, select Vulnerability Compliance and type a Chart Title.
  7. In the Scan Profile list, select the scan profile for the assets that you scanned.
    Attention: If no scan profile is displayed, you must create and run a PCI scan of the assets in your network that store or process PCI information.
  8. In the Scan Result list, select the version of the scan profile that you want to use.
    Remember: To provide evidence of your compliance, you must select the Latest option in the Scan Result list. You can also generate a compliance report by using a scan profile that was run at an earlier date.
  9. In the Report Type list, select a report type.

    If you select Executive Summary, Vulnerability Details, or a combination of both, the attestation is automatically attached to your PCI compliance report.

  10. Complete the information in the Scan Customer Information and Approved Scanning Vendor Information panes.
    Important: You must add a name in the Company field for both panes, as this information is displayed in the attestation section of the report.
  11. Click Save Container Details and then click Next.
  12. Use the Report Wizard to complete your PCI compliance report.

Results

The report is displayed in the reports list and is automatically generated.

Note:

Some table columns in the resultant PDF document are not displayed when you create a PDF report with the following parameters:

  • Chart type - Vulnerabilities
  • Graph type - Table
  • Data to use - Current
  • Group by - Instance

The large number of table columns that cannot fit on a standard landscape US letter page causes this error to occur.

To avoid this issue, do not use PDF output for this type of report. View Vulnerabilities Reports that use Group by Instance in a spreadsheet or XML format. To export the report, select XLS or XML as the report format in the Report Wizard.