PCI Compliance Reports
Metasploit Pro can generate PCI reports for your penetration test. Use the findings as an appendix for PCI standards testing, not as an actual audit.
· 2.2.1 – Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server.
· 6.1 – Ensure that all system components and software have the latest vendor-supplied security patches installed. Deploy critical patches within a month of release.
· 8.2 – Employ at least one of these to authenticate all users: password or passphrase; or two-factor authentication.
· 8.4 – Render all passwords unreadable for all system components both in storage and during transmission using strong cryptography based on approved standards.
· 8.5 – Ensure proper user authentication and password management for non-consumer users and administrators on all system components.
· 8.5.8 – Do not use group, shared, or generic accounts and passwords, or other authentication methods.