What can I do after a PCI Compliance scan fails or reports issues?
Please note that performing a security audit of your server for PCI Compliance is the task of a system administrator and falls outside the scope of the support that the cPanel technical support team provides.
Many scan providers may report false positives because they lack direct access to the server; thus, resolving most findings is just a matter of proving that the vulnerability is patched. Information on how to check this is below.
We make an effort to ensure that cPanel & WHM is PCI Compliant upon install, but security is a moving target. A system or security administrator must continuously monitor it.
If you received the results of a PCI Compliance scan with failures and you open a ticket with our team, we can, as a courtesy, escalate your ticket to one of our L3 analysts. They can perform a minimal investigation and show you what to look for and what you or your system administrator can do to become PCI compliant, or help you dispute any false positives. When you open a ticket with our support team, please include a copy of the scan/report as an attachment for review.
We want everyone who uses cPanel to have a fantastic experience, both with our software and our support. Sometimes that means pointing you to an expert about your particular problem if it is not a cPanel-related issue.
The following pages may also help: