Question

Bill would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?

A. Any Employee of the Organization
B. An Approved Scanning Vendor
C. A PCI DSS Service Provider
D. Any Qualified Individual

Answer 1

A qualified individual is authorized to perform an internal vulnerability scan for PCI DSS compliance, which could be an employee or external consultant with the necessary skills and certifications.

Step-by-step explanation:

When it comes to performing an internal vulnerability scan for PCI DSS compliance purposes, it is not sufficient for any employee to conduct the scan. The Payment Card Industry Data Security Standard (PCI DSS) specifies that scans must be performed by a qualified individual. This means that the correct answer to who is authorized to complete one of these scans is D. Any Qualified Individual. This individual could be an internal employee or an external consultant, provided they possess the necessary skills and certifications. However, to clarify, the term 'Approved Scanning Vendor' typically refers to a company or service approved by the PCI Council to perform external scans, not internal ones.