DATA RECON 2.0.25

Compliance Report

The DATA RECON compliance report summarizes all of DATA RECON’s findings from a given scan.

dr-compliance-report.png

Label Description
a Date and status of scan

Gives the host name of the host scanned, the date the scan started, and the date the scan was completed or stopped.

If the scan was canceled or stopped (you cannot generate a compliance report unless you complete or stop a scan), the report will state that the scan was "(canceled)".

b Compliance summary

Summary of clean locations, match instances, and locations that contain prohibited matches.

c Scan parameters

Summary of parameters applied to the scan, such as search filters and types of card data.

d Host and scan configuration

Gives the host's IP address, the host's operating system, the total size of the data scanned, the version of DATA RECON, and licensee details.

e Target summary

Shows the number of match locations and the number of matches, organised by targets.

Also shows the number of locations that cannot be accessed by DATA RECON.

f Search Summary

Shows a summary of all match details.

  • Overview
    Provides the total number of non-compliant match locations and the total number of non-compliant matches found during the scan.
    Remediating and marking matches as "Remediated Manually", "False Match", and "Test Data" will reduce the number of non-compliant matches added to this match overview.
    See the section below on "Match status".
  • "By Status"
    Shows matches organised by status. See the section below on "Match status".
  • "By Card Brand"
    Shows matches organised by card brand.
  • "By Content Type"
    Shows matches organised by file format types.
    DATA RECON has native support for certain file formats, and will scan these files with the appropriate decoder.
    For formats that DATA RECON does not have native support for, DATA RECON will decode by brute force.
    Matches found in files that DATA RECON has scanned but does not have native support for will be reported as "Text or unknown" in the "By Content Type" category.

g Match detail and status

MATCH DETAIL

Match details are sorted into 3 columns:

  • "Test"
    The scanned locations that contain matches for test card patterns. These matches should not affect PCI compliance.
  • "Prohibited"
    The number of scanned locations that contain non-compliant match data. These locations should be checked and remediated for non-compliance as soon as possible.
  • "Cardholder"
    The total number of match instances found during the scan.

MATCH STATUS

Matches can be labelled with 6 different statuses. How a match is labelled will determine how it is reported in the compliance report.

  • "Unconfirmed Matches"
    "Unconfirmed" matches are data that match DATA RECON's search patterns, and are likely to contain non-compliant data.
    This data should be reviewed and marked as "confirmed", a "false match", or "test data".
    Matches found during an initial scan will by default be marked as "unconfirmed", and will require review by the user.
  • "Confirmed Matches"
    "Confirmed" matches are matches that have been reviewed by the user and are found to contain non-compliant data.
  • "Remediated using CARD RECON" *
    Matches that have been marked as "Remediated using DATA RECON" are confirmed matches that have been remediated using DATA RECON's built-in remediation tools.
    Remediating matches with DATA RECON's built-in remediation tools will automatically mark them as "Remediated using DATA RECON".
  • "Remediated Manually" *
    Matches that have been marked as "Remediated Manually" are confirmed matches that have been marked by a user as remediated with tools outside of DATA RECON.
    Marking matches as having been "Remediated Manually" will not alter existing data.
    DATA RECON cannot guarantee that matches that have been marked as manually remediated have been effectively remediated to comply with PCI DSS.
  • "False Match" *

    Matches that have been marked as a "False Match" are matches that have been reviewed and found to be false positives.

    When marking a match as a false match, DATA RECON will ask if you would like to:

    • "Send encrypted false match samples to Ground Labs for permanent resolution": This would securely send data that you mark as false matches to Ground Labs so that future scans can be improved.
    • "Update configuration to exclude identical matches from future searches": This would update DATA RECON's current search filters for the current session, and save a configuration file that contains a custom search filter to exclude the data marked as a false match from future searches. (For more information, see Save and Load Options).

    Search filters for the current session will only update if you check the "Update configuration to exclude identical matches from future searches" option before clicking Okay to confirm that the selected match is a false match.
  • "Test Data" *

    Matches that have been marked as "Test Data" are matches that have been reviewed and found to match data that are from test data sets.

    When marking a match as test data, DATA RECON will ask if you would like to:

    • "Update configuration to exclude identical matches from future searches": This would update DATA RECON's current search filters for the current session, and save a configuration file that contains a custom search filter to exclude the data marked as test data from future searches. (For more information, see Save and Load Options).

    Search filters for the current session will only update if you check the "Update configuration to exclude identical matches from future searches" option before clicking Okay to confirm that the selected match is test data.