What criteria causes a Pass or Fail on a PCI scan

Each post-scan HackerGuardian Executive report states a PCI compliance status of 'Compliant' or 'Not Compliant' based on the discovery of potential security flaws on your systems.

If no vulnerabilities with a CVSS base score greater than 4.0 or items identified as automatic failures are detected then the scanned IP addresses, hosts and Internet connected devices have passed the test and the reports can be submitted to your acquiring bank after completing the Attestation of Scan Compliance.

If the report indicates 'Non Compliant' then the merchant or service provider must remediate the identified problems and re-run the scan until compliancy is achieved.