Network vulnerability scans are performed using a PCI ASV (Approved Scanning Vendor) solution on a quarterly basis. These scans are performed internally and externally as part of PCI requirements. Monitoring tools are also used to verify whether OneLogin systems are susceptible to emerging vulnerabilities by scanning the software packages installed on each system.
What’s the primary purpose of this initiative?
Network vulnerability scans help OneLogin identify vulnerabilities and misconfigurations of websites, applications, and information technology infrastructures.
What’s the scope?
Internal and external scans of the network environment.
How often are you evaluated/audited?
Network scans are performed on a quarterly basis, and monitoring tools report ad hoc on emerging vulnerabilities.
Who performs the evaluation/audit?
OneLogin performs the scans using a PCI ASV-approved solution and other tools for ongoing monitoring.
Who is the primary audience?
OneLogin - internal use only
Where can I get a copy of the report/certificate?
Results of network scans are only shared with the acquiring bank per PCI requirements. Susceptibility to emerging vulnerabilities, e.g., Heartbleed, is reported in the Customer Help Portal, as needed.