Overview
You are looking for information on what SSL- and TLS-based scanning is available in LanGuard to cover compliance with PCI DSS requirements 11.2 and 11.2.1.
Solution
Dedicated SSL and TLS scanning is not part of the LanGuard checks, and such checks are not explicitly demanded by PCI DSS 11.2. The core of 11.2 is periodic vulnerability scanning: "11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network".
GFI LanGuard is exactly this: a full-fledged OVAL and CVE vulnerability scanning and patch management solution, so it can be used to comply with this requirement.
LanGuard Central Management Server has dedicated reports for PCI DSS; refer to Using GFI LanGuard Central Management Server Reports.
The guidance on using GFI products to achieve PCI DSS compliance can be found on the GFI LanGuard White Papers page. In section 'C' of the PCI DSS compliance and GFI Software Products whitepaper, you can find all the reports available and their scope.
If you are looking only for SSL and TLS issue detection:
1. Our checks for potential vulnerabilities include SSL detection on websites.
2. If any of the OVAL and CVE vulnerabilities and patches are TLS/SSL related, they will be picked up by our scan and made available for remediation.
Priyanka Bhotika