Overview

You've noticed that in LanGuard 12.3 all PCI DSS Requirement reports are broken down by different requirements (ie. 6.1), while in the latest LanGuard build the same reports do not have the requirement suffix; and want to know if there are any other differences.

Solution

The PCI DSS requirement suffix removal is only a cosmetic difference between the corresponding reports in the old LanGuard version and the latest one. For example, the LanGuard 12.3 report "PCI DSS Requirement 6.1 - Missing Security Updates by Severity" is completely identical to the LanGuard 12.5 "PCI DSS - Missing Security Updates by Severity" report.

The change is there because over time PCI DSS requirements are evolving, and removing the numbering ensures that you can use the reports to comply with the PCI DSS regardless of any versioning changes introduced.

The guidance on using GFI products to achieve PCI DSS compliance can be found on the GFI LanGuard White Papers page. In section 'C'  of the PCI DSS compliance and GFI Software Products whitepaper, you can find all the reports available and their scope.