NeXpose Release January 31, 2011 (Product)

Document created by techeditor on Apr 7, 2011
Version 1Show Document
  • View in full screen mode

This 2011-01-31 release is a product update.


New PCI Host Details report

  • Supplementing the three standard PCI report templates, the new PCI Host Detail report template provides detailed, sorted scan information about each asset covered in a PCI scan. This perspective allows a scanned merchant to consume, understand, and address all the PCI-related issues on an asset-by-asset basis.


Evidence column in PCI Vulnerability Details report


  • The PCI Vulnerability Details report includes an Evidence column that lists proof for each detected vulnerability, providing the ASV with greater validation and confidence in scan results.


Auto-populating of PCI report fields

  • The PCI Executive Summary report includes auto-populated special notes for discovered instances of directory browsing and remote access software, making this report more thorough in coverage of security issues.
  • The product now auto-populates the PCI Attestation of Compliance with ASV-specific contact information, eliminating the need for an ASV to manually enter this information. Additionally, the product auto-populates the PCI Executive Summary, the PCI Vulnerability Details, and the PCI Host Details reports with the ASV's name.
  • The Exceptions, False Positives, or Compensating Controls field in the PCI Executive Summary report is now auto-populated with the user name of the individual who excluded a given vulnerability.


Sectioning of PCI report templates

  • PCI report templates are now divided into individual sections in the manner of other report templates. This improvement enables hypertext linking from the table of contents to referenced sections in the PCI Vulnerability Details and Host Details reports in PDF and HTML output formats. Another benefit of the sectioning is that you can create custom report templates from the sections that make up PCI templates.

    NOTE: Due to PCI Council restrictions, section numbers of PCI reports are static and cannot change to reflect the section structure of a customized report. Therefore, a customized report that mixes PCI report sections with non-PCI report sections may have section numbers that appear out of sequence.


Report look-and-feel enhancements

  • Vulnerabilities in the PCI Vulnerability Details report are grouped by severity level and then sorted by CVSS scores for better prioritization.
  • Special notes are consolidated into a single section in the PCI Executive Summary report, making it easier to locate these notes.
  • Improvements to font consistency and layout make PCI reports more visually accessible.


Logo customization for PCI reports

  • ASVs can customize PCI reports with their company logos or other graphics for more branding options.


Revised ASV Guide

  • The revised ASV Guide contains detailed information about all improvements and known issues with these PCI reports. It also provides instructions for configuring report creation for maximum benefits. You can request the guide from Technical Support.