Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution

Himanshu Kathpal, Vice President, Product Management, Platform and Technologies

September 19, 2025- 11 min read

Table of Contents

• Whats New: User Experience Enhancement
• Key Compliance Features: PCI ASV Scanning for External Networks
• Strengthen PCI DSS 4.0 Compliance with Qualys
• Qualys Advantages for Achieving PCI Compliance
• Try Qualys PCI Compliance Solution

We're excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress.

This major update improves usability, streamlines compliance workflows, and brings a modern design aligned with the Qualys Enterprise TruRisk™ Platform.

What's New: User Experience Enhancement

The new UI has been designed with speed, clarity, and accessibility at its core:

• Navigate faster - Simplified workflows save time and reduce clicks.

• Work more efficiently - Dynamic layouts and intuitive components accelerate tasks.

• Boost productivity - A modern design streamlines compliance interactions.

• Enable accessibility for all users - Optimized fonts, contrasts, and layouts.

• Consume data effortlessly - Clean visuals make scan results and insights easy to interpret.

• Take timely actions - Clear separation between actionable tasks and general updates.

• Simplify decision-making - Fewer upfront choices make navigation intuitive.

Key Compliance Features: PCI ASV Scanning for External Networks

1. Redesigned Login Page aligned with the Qualys TrusRisk™ Platform UI

1. Compliance at a glance - View overall PCI posture, scan results, and report deadlines.

1. Review and Filter Vulnerabilities Impacting PCI Compliance

1. Simplified Scan Scheduling - Easily run, filter, and manage scans across large IP ranges
   

1. Guided Attestation Workflow - Step-by-step wizard for ASV report generation, submission, and tracking

Strengthen PCI DSS 4.0 Compliance with Qualys

Ensuring Successful PCI DSS 4.0 Audits with Qualys Applications

PCI DSS 4.0 covers a broad range of requirements, and many of these elements represent the best standard practices for implementing and maintaining a comprehensive enterprise cybersecurity program. With various integrated Qualys security applications, such as VMDR, Web Application Scanning, Policy Audit, FIM, Patch Management, CAR, and several others, the Qualys Enterprise TruRisk Platform  can play a key role in driving your PCI DSS 4.0 compliance process.  

Our security experts have developed a detailed whitepaper that breaks down PCI DSS 4.0: What's changed, why it matters, and how Qualys applications can help you address specific requirements with clarity and confidence. Download the PCI DSS 4.0 whitepaper

Executive Dashboard for PCI DSS 4.0: Simplifying Audit Readiness with Qualys Enterprise TruRisk™ Platform

Qualys Addresses All Critical PCI DSS 4.0 Requirements

• Continuous Discovery & Inventory of Assets in CDE, with CMDB Sync

• External & Internal Vulnerability Management, including for cloud assets

• Detect & protect public-facing Web Applications from attacks

• Automatically identify, prioritize patches per threats in PCI-scoped assets

• Ensure secure configurations & monitor critical files for unauthorized changes (not hash-based)

• Self-Assessment Questionnaire (SAQ)

1. Qualys for 240+ PCI requirement mapping

Qualys cloud platform capabilities	Requirements addressed
CyberSecurity Asset Management	3
IT asset secure configuration	77
External & Internal Vulnerability Management	15
Patch Management	1
Web app security	1
File integrity monitoring	2
SAQ - PCI self-assessment	143
PCI ASV scanning	1

1. Qualys TruRisk™ Apps for PCI DSS 4.0 Compliance

The Qualys Enterprise TruRisk™ Platform includes more than a dozen apps that can help ensure audit-ready compliance with PCI DSS 4.0. 

Qualys App	PCI DSS 4.0 Benefits
Qualys Policy Audit (PA)	Enables continuous assessment of the cardholder data environment. Qualys PA provides a ready-to-use mandate-based template for PCI DSS 4.0 consisting of security checks that automate the assessment of in-scope PCI assets. These checks automatically scan technical secure configuration assessment requirements.
Qualys Security Assessment Questionnaire (SAQ)	Helps mid-sized and smaller enterprises use an instrument prescribed by PCI DSS 4.0 called a Self-Assessment Questionnaire (SAQ). As the link explains, there are nine different SAQs that correspond to your type of organization and environment. Eligible organizations can use the SAQ to self-evaluate their compliance with PCI DSS. Validation results are submitted to the organization's acquiring bank or payment brand(s) with an Attestation of Compliance.
Qualys Vulnerability Management, Detection, and Response (VMDR)	A foundational solution for managing CDE cyber risks (Req. 2, 5, 6, 11). It addresses the third goal for a CDE vulnerability management program and Requirement 11's need for regularly testing the security of CDE systems and networks. VMDR excels at detecting internal and external risks and efficiently responding to vulnerabilities. Authenticated scanning is a new PCI DSS 4.0 requirement. Unlike other scanners, VMDR performs authenticated scans, such as for certificate inventory. VMDR also includes Qualys PCI ASV Compliance to ensure compliance for external scans, which require ASV.
Qualys Web Application Scanning (WAS)	Continuously detects vulnerabilities and misconfigurations of CDE internal and external-facing web applications (Req. 6, 11). This app finds malware in web apps and informs DevOps teams on exposed payment data and other PII.
Qualys File Integrity Monitoring (FIM)	Provides "low-noise" CDE integrity monitoring efforts and compliance (Req. 1, 10, 11, 12), including unauthorized modification and change detection that accurately separates false alerts from positive hits and allows for whitelisting. This is important for new requirement 11.3.1.1 as auditors will be more restrictive in not allowing low level alerts to be ignored. Qualys FIM also includes File Access Monitoring (FAM) to alert on unauthorized file access and agentless network device support. Both are now needed to comply with new PCI DSS 4.0 requirements.
Qualys CyberSecurity Asset Management (CSAM)	Includes External Attack Surface Management (EASM) and provides an accurate, context-rich inventory of all CDE cyber assets to identify security gaps (Req. 2) and CSAM provides full visibility and control of the CDE's external attack surface (Req. 2, 12).
Qualys Patch Management (PM)	Enables automating the entire patching process for operating systems, mobile devices and third-party applications - even for remote devices within the cardholder data environment (Req. 1, 6, 10, 11).
Custom Assessment & Remediation (CAR)	PCI DSS 4.0 requires organizations to maintain an up-to-date inventory of all bespoke and custom software, including APIs. CAR creates reusable custom detections and remediations while allowing for the deployment of custom configurations.
Qualys TotalCloud (TC)	PCI DSS 4.0 includes several requirements that refer to cloud controls, such as access controls, monitoring and logging, incident response, patching and updates, scans, and more. Qualys TotalCloud can measure risk with 360-degree scanning to detect vulnerabilities and detect malware with up to 99 percent accuracy.
Qualys Multi-Vector Endpoint Detection and Response (EDR)	EDR is recommended to integrate vulnerability management of the CDE with endpoint threat detection and response (Req. 5, 12).

Qualys Advantages for Achieving PCI Compliance

• Continuously Monitor >97%+ PCI requirements

• Only platform which addresses 20 biggest PCI 4.0 requirements - which result into attacks per DBIR report

• Cloud-based PCI-Approved scanning solution

• Unified measurement of PCI DSS 4.0

• Telemetry to prevent, detect & respond to data breaches

• Audit friendly, out-of-the-box dashboard & compliance reports to communicate PCI posture

• Eliminate PCI risks - blind spots of compliance, fix risks in cloud, non-cloud assets

How to Get Started

The Enhanced PCI UI will begin rolling out on September 25, 2025. You'll receive in-platform notifications and email updates to keep you informed about the transition. 

Phase	Phase 1: Switching option to UI 4.0	Phase 2: Automatic New PCI UI Upgrade with Rollback Option	Phase 3: Mandatory New PCI UI Upgrade
Duration	Day 1 to Day 30	Day 31 to Day 60	Starting Day 90
What to Expect	Users will log in to the Old UI and see the Pop up prompting them to stay or try the new version, with the Toggle Switch to switch between the two UI any time.	Users will log in to the new UI and see a pop-up prompting them to stay or go back to the old UI, with a toggle switch available at any time.	Old UI is fully phased out. The toggle button to revert is no longer available. All users will be on the New UI permanently.
Key Action	Familiarize yourself with the New UI and provide feedback. Option to skip New PCI UI prompts.	Use this period to complete your transition.	Contact your Technical Account Manager (TAM) regarding any help required.

Try Qualys PCI Compliance Solution

Can you automatically assess your cardholder data environment and easily address issues to achieve PCI compliance? With Qualys, you get one holistic view of your assets and PCI compliance posture, along with all the tools you need to meet PCI DSS requirements.

Streamline PCI compliance from scans to audits, all in one place.

Tell us what you think

Your input made this update possible. The new PCI ASV UI goes beyond simply meeting PCI DSS 4.0 requirements. It enables faster work, easier compliance, and smoother audits. Try the new interface and share your feedback to help us keep improving the experience.

If you need assistance at any stage, your Technical Account Manager (TAM) and Qualys Support are ready to help. Thank you for being part of this journey and for strengthening the Qualys platform with every release.

Stay tuned for more updates.

Frequently Asked Questions (FAQs)

What is the new PCI 4.0 UI? The new PCI 4.0 UI  is an upgraded version of our current interface, designed to improve usability, provide a modern look and feel, and enhance your overall experience. It includes streamlined navigation, better accessibility, and a refreshed design.

Why was the new UI introduced? The new UI was developed to deliver a smarter, faster, and more user-friendly experience that supports seamless PCI DSS 4.0 compliance. It brings both visual enhancements to simplify and streamline core compliance activities. Enhanced User Experience with a Modern Interface A sleek, intuitive design makes it easier to access and understand key information such as scan results, compliance status, and report deadlines at a glance. Simplified Scan Management The upgraded interface allows users to quickly schedule, filter, and manage scans across large IP ranges with improved control and efficiency. Guided Attestation Workflow The attestation process has been redesigned with a step-by-step wizard that walks users through ASV report generation, submission, and tracking making the process clear and straightforward. Built to Support PCI DSS 4.0 Compliance Every element of the new UI has been crafted to align with PCI DSS 4.0 requirements, ensuring users stay compliant with the latest standards effortlessly

How will the New UI 4.0 be rolled out ? The New UI will be rolled out globally in phases.  Once it's available on your platform:  A banner will appear after you log in, prompting you to switch to the New UI.

How can I enable the new PCI 4.0 UI ? You can enable the new UI by toggling the "Switch to UI 4.0" button located at the top-right corner of the application. Once enabled, the application will switch to the new interface.

Can I switch back to the old UI? Yes, you can switch back to the old UI at any time by toggling off the "Switch to Old UI" button inside the help menu on the top right corner. This ensures you can work in the environment you are most comfortable with.

Will I lose my data if I switch between the UIs? No, switching between the new and old UI will not affect your data. All your settings, preferences, and data remain intact regardless of the interface you use.

Are there any workflow changes? Will it affect my current workflows? No, there are no workflow changes except for the Navigation Structural change. All user workflows will remain the same.

Are there any features exclusive to the new UI? Yes, the new UI introduces several new features, including: Enhanced navigation for faster access to key tools. A responsive design that works better on all devices. New customization options for personalizing your experience.

Is the functionality in the old UI available in the new UI? Yes, all core functionalities available in the old UI are included in the new UI. Additionally, the new UI offers improved workflows and extra features.

Do I need to install anything to use the new UI? No, the new UI is part of the web application and does not require any installation. Simply toggle the button to enable it.

Himanshu Kathpal, Vice President, Product Management, Platform and Technologies

PCI 4.0, pci compliance, PCI DSS 4.0

Name

Email