{“lastseen”:”2025-09-19T12:08:18″,”description”:”We\u2019re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress. \\n\\nThis major update improves usability, streamlines compliance workflows, and brings a modern design aligned with the Qualys Enterprise TruRisk Platform. \\n\\n\\n\\n## **What\u2019s New: User Experience Enhancement ** \\n\\nThe new UI has been designed with speed, clarity, and accessibility at its core: \\n\\n * Navigate faster \u2013 Simplified workflows save time and reduce clicks. \\n\\n\\n * Work more efficiently \u2013 Dynamic layouts and intuitive components accelerate tasks. \\n\\n\\n * Boost productivity \u2013 A modern design streamlines compliance interactions. \\n\\n\\n * Enable accessibility for all users \u2013 Optimized fonts, contrasts, and layouts. \\n\\n\\n * Consume data effortlessly \u2013 Clean visuals make scan results and insights easy to interpret. \\n\\n\\n * Take timely actions \u2013 Clear separation between actionable tasks and general updates. \\n\\n\\n * Simplify decision-making \u2013 Fewer upfront choices make navigation intuitive. \\n\\n\\n\\n\\n\\n## **Key Compliance Features: PCI ASV Scanning for External Networks** \\n\\n 1. **Redesigned Login Page aligned with the Qualys TrusRisk Platform UI**\\n\\n\\n\\n\\n\\n 2. **Compliance at a glance \u2013 View overall PCI posture, scan results, and report deadlines.**\\n\\n\\n\\n\\n\\n 3. **Review and Filter Vulnerabilities Impacting PCI Compliance**\\n\\n\\n\\n\\n\\n 4. **Simplified Scan Scheduling \u2013 Easily run, filter, and manage scans across large IP ranges** \\n\\n\\n\\n\\n\\n\\n 5. **Guided Attestation Workflow \u2013 Step-by-step wizard for ASV report generation, submission, and tracking**\\n\\n\\n\\n\\n\\n## **Strengthen PCI DSS 4.0 Compliance with Qualys** \\n\\n**Ensuring Successful PCI DSS 4.0 Audits with Qualys Applications** \\n\\nPCI DSS 4.0 covers a broad range of requirements, and many of these elements represent the best standard practices for implementing and maintaining a comprehensive enterprise cybersecurity program. With various integrated Qualys security applications, such as VMDR, Web Application Scanning, Policy Audit, FIM, Patch Management, CAR, and several others, the Qualys Enterprise TruRisk Platform can play a key role in driving your PCI DSS 4.0 compliance process. \\n\\nOur security experts have developed a detailed whitepaper that breaks down PCI DSS 4.0: What\u2019s changed, why it matters, and how Qualys applications can help you address specific requirements with clarity and confidence. **Download the PCI DSS 4.0 whitepaper****** \\n\\n**Executive Dashboard for PCI DSS 4.0: Simplifying Audit Readiness with Qualys Enterprise TruRisk Platform**\\n\\n\\n\\n**Qualys Addresses All Critical PCI DSS 4.0 Requirements** \\n\\n * Continuous Discovery \\u0026 Inventory of Assets in CDE, with CMDB Sync \\n\\n\\n * External \\u0026 Internal Vulnerability Management, including for cloud assets \\n\\n\\n * Detect \\u0026 protect public-facing Web Applications from attacks \\n\\n\\n * Automatically identify, prioritize patches per threats in PCI-scoped assets \\n\\n\\n * Ensure secure configurations \\u0026 monitor critical files for unauthorized changes (not hash-based) \\n\\n\\n * Self-Assessment Questionnaire (SAQ) \\n\\n\\n 1. **Qualys for 240+ PCI requirement mapping** \\n\\n**Qualys cloud platform capabilities** | **Requirements addressed** \\n—|— \\nCyberSecurity Asset Management | 3 \\nIT asset secure configuration | 77 \\nExternal \\u0026 Internal Vulnerability Management | 15 \\nPatch Management | 1 \\nWeb app security | 1 \\nFile integrity monitoring | 2 \\nSAQ \u2013 PCI self-assessment | 143 \\nPCI ASV scanning | 1 \\n \\n 2. **Qualys TruRisk Apps for PCI DSS 4.0 Compliance** \\n\\n\\n\\nThe Qualys Enterprise TruRisk Platform includes more than a dozen apps that can help ensure audit-ready compliance with PCI DSS 4.0. \\n\\n**Qualys App** | **PCI DSS 4.0 Benefits** \\n—|— \\nQualys Policy Audit (PA) | Enables continuous assessment of the cardholder data environment. Qualys PA provides a ready-to-use mandate-based template for PCI DSS 4.0 consisting of security checks that automate the assessment of in-scope PCI assets. These checks automatically scan technical secure configuration assessment requirements. \\nQualys Security Assessment Questionnaire (SAQ) | Helps mid-sized and smaller enterprises use an instrument prescribed by PCI DSS 4.0 called a Self-Assessment Questionnaire (SAQ). As the link explains, there are nine different SAQs that correspond to your type of organization and environment. Eligible organizations can use the SAQ to self-evaluate their compliance with PCI DSS. Validation results are submitted to the organization\u2019s acquiring bank or payment brand(s) with an Attestation of Compliance. \\nQualys Vulnerability Management, Detection, and Response (VMDR) | A foundational solution for managing CDE cyber risks (Req. 2, 5, 6, 11). It addresses the third goal for a CDE vulnerability management program and Requirement 11\u2019s need for regularly testing the security of CDE systems and networks. VMDR excels at detecting internal and external risks and efficiently responding to vulnerabilities. Authenticated scanning is a new PCI DSS 4.0 requirement. Unlike other scanners, VMDR performs authenticated scans, such as for certificate inventory. VMDR also includes Qualys PCI ASV Compliance to ensure compliance for external scans, which require ASV. \\nQualys Web Application Scanning (WAS) | Continuously detects vulnerabilities and misconfigurations of CDE internal and external-facing web applications (Req. 6, 11). This app finds malware in web apps and informs DevOps teams on exposed payment data and other PII. \\nQualys File Integrity Monitoring (FIM) | Provides \u201clow-noise\u201d CDE integrity monitoring efforts and compliance (Req. 1, 10, 11, 12), including unauthorized modification and change detection that accurately separates false alerts from positive hits and allows for whitelisting. This is important for new requirement 11.3.1.1 as auditors will be more restrictive in not allowing low level alerts to be ignored. Qualys FIM also includes File Access Monitoring (FAM) to alert on unauthorized file access and agentless network device support. Both are now needed to comply with new PCI DSS 4.0 requirements. \\nQualys CyberSecurity Asset Management (CSAM) | Includes External Attack Surface Management (EASM) and provides an accurate, context-rich inventory of all CDE cyber assets to identify security gaps (Req. 2) and CSAM provides full visibility and control of the CDE\u2019s external attack surface (Req. 2, 12). \\nQualys Patch Management (PM) | Enables automating the entire patching process for operating systems, mobile devices and third-party applications \u2013 even for remote devices within the cardholder data environment (Req. 1, 6, 10, 11). \\nCustom Assessment \\u0026 Remediation (CAR) | PCI DSS 4.0 requires organizations to maintain an up-to-date inventory of all bespoke and custom software, including APIs. CAR creates reusable custom detections and remediations while allowing for the deployment of custom configurations. \\nQualys TotalCloud (TC) | PCI DSS 4.0 includes several requirements that refer to cloud controls, such as access controls, monitoring and logging, incident response, patching and updates, scans, and more. Qualys TotalCloud can measure risk with 360-degree scanning to detect vulnerabilities and detect malware with up to 99 percent accuracy. \\nQualys Multi-Vector Endpoint Detection and Response (EDR) | EDR is recommended to integrate vulnerability management of the CDE with endpoint threat detection and response (Req. 5, 12). \\n \\n## **Qualys Advantages for Achieving PCI Compliance** \\n\\n * Continuously Monitor \\u003e97%+ PCI requirements \\n\\n\\n * Only platform which addresses 20 biggest PCI 4.0 requirements \u2013 which result into attacks per DBIR report \\n\\n\\n * Cloud-based PCI-Approved scanning solution \\n\\n\\n * Unified measurement of PCI DSS 4.0 \\n\\n\\n * Telemetry to prevent, detect \\u0026 respond to data breaches \\n\\n\\n * Audit friendly, out-of-the-box dashboard \\u0026 compliance reports to communicate PCI posture \\n\\n\\n * Eliminate PCI risks \u2013 blind spots of compliance, fix risks in cloud, non-cloud assets** ** \\n\\n\\n\\n\\n\\n### **How to Get Started**\\n\\nThe Enhanced PCI UI will begin rolling out on **September 25, 2025**. You\u2019ll receive in-platform notifications and email updates to keep you informed about the transition. \\n\\n**Phase** | **Phase 1** : Switching option to UI 4.0 | **Phase 2** : Automatic New PCI UI Upgrade with Rollback Option | **Phase 3** : Mandatory New PCI UI Upgrade \\n—|—|—|— \\n**Duration** | Day 1 to Day 30 | Day 31 to Day 60 | Starting Day 90 \\n**What to Expect** | Users will log in to the Old UI and see the Pop up prompting them to stay or try the new version, with the Toggle Switch to switch between the two UI any time. | Users will log in to the new UI and see a pop-up prompting them to stay or go back to the old UI, with a toggle switch available at any time. | Old UI is fully phased out. The toggle button to revert is no longer available. All users will be on the New UI permanently. \\n**Key Action** | Familiarize yourself with the New UI and provide feedback. Option to skip New PCI UI prompts. | Use this period to complete your transition. | Contact your Technical Account Manager (TAM) regarding any help required. \\n \\n## **Try Qualys PCI Compliance Solution** \\n\\nCan you automatically assess your cardholder data environment and easily address issues to achieve PCI compliance? With Qualys, you get one holistic view of your assets and PCI compliance posture, along with all the tools you need to meet PCI DSS requirements. \\n\\n* * *\\n\\n**Streamline PCI compliance from scans to audits, all in one place.**\\n\\nGet Free Trial\\n\\n* * *\\n\\n### **Tell us what you think** \\n\\nYour input made this update possible. The new PCI ASV UI goes beyond simply meeting PCI DSS 4.0 requirements. It enables faster work, easier compliance, and smoother audits. Try the new interface and share your feedback to help us keep improving the experience. \\n\\nIf you need assistance at any stage, your Technical Account Manager (TAM) and Qualys Support are ready to help. Thank you for being part of this journey and for strengthening the Qualys platform with every release. \\n\\nStay tuned for more updates. \\n\\n### **Frequently Asked Questions (FAQs)** \\n\\n**What is the new PCI 4.0 UI?** \\n \\nThe new **PCI 4.0 UI** is an upgraded version of our current interface, designed to improve usability, provide a modern look and feel, and enhance your overall experience. It includes streamlined navigation, better accessibility, and a refreshed design. \\n— \\n**Why was the new UI introduced?** \\n \\nThe new UI was developed to deliver a smarter, faster, and more user-friendly experience that supports seamless PCI DSS 4.0 compliance. It brings both visual enhancements to simplify and streamline core compliance activities. \\n \\n**Enhanced User Experience with a Modern Interface** \\n \\nA sleek, intuitive design makes it easier to access and understand key information such as scan results, compliance status, and report deadlines at a glance. \\n \\n**Simplified Scan Management** \\n \\nThe upgraded interface allows users to quickly schedule, filter, and manage scans across large IP ranges with improved control and efficiency. \\n \\n**Guided Attestation Workflow** \\n \\nThe attestation process has been redesigned with a step-by-step wizard that walks users through ASV report generation, submission, and tracking making the process clear and straightforward. \\n \\n**Built to Support PCI DSS 4.0 Compliance** \\nEvery element of the new UI has been crafted to align with PCI DSS 4.0 requirements, ensuring users stay compliant with the latest standards effortlessly \\n**How will the New UI 4.0 be rolled out ?** \\n \\nThe New UI will be rolled out globally in phases. Once it\u2019s available on your platform: A banner will appear after you log in, prompting you to switch to the New UI. \\n**How can I enable the new PCI 4.0 UI ?** \\n \\nYou can enable the new UI by toggling the \\”Switch to UI 4.0\\” button located at the top-right corner of the application. Once enabled, the application will switch to the new interface. \\n**Can I switch back to the old UI?** \\n \\nYes, you can switch back to the old UI at any time by toggling off the \\”Switch to Old UI\\” button inside the help menu on the top right corner. This ensures you can work in the environment you are most comfortable with. \\n**Will I lose my data if I switch between the UIs?** \\n \\nNo, switching between the new and old UI will not affect your data. All your settings, preferences, and data remain intact regardless of the interface you use. \\n**Are there any workflow changes? Will it affect my current workflows?** \\n \\nNo, there are no workflow changes except for the Navigation Structural change. All user workflows will remain the same. \\n**Are there any features exclusive to the new UI?** \\n \\nYes, the new UI introduces several new features, including: Enhanced navigation for faster access to key tools. A responsive design that works better on all devices. New customization options for personalizing your experience. \\n**Is the functionality in the old UI available in the new UI?** \\n \\nYes, all core functionalities available in the old UI are included in the new UI. Additionally, the new UI offers improved workflows and extra features. \\n**Do I need to install anything to use the new UI?** \\n \\nNo, the new UI is part of the web application and does not require any installation. Simply toggle the button to enable it.”,”published”:”2025-09-19T12:01:33″,”modified”:”2025-09-19T12:01:33″,”type”:”qualysblog”,”title”:”Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution”,”source”:””,”references”:””,”id”:”QUALYSBLOG:3EE0CA088FBF0E27D1ABA4A82BFDCEE4″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.qualys.com\/category\/product-tech”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-19T12:08:18″,”description”:”We\u2019re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,120,7,11,5],"class_list":["post-18080","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n