What CVSS Score is required for PCI compliance?


Vote Up (18)


You need to have a score from 0.0 through 3.9 to be compliant.


From the PCI Security Standards Council: 

“To demonstrate compliance, a scan must not contain high-level vulnerabilities in any component in the cardholder data environment. Generally, to be considered compliant, none of those components may contain any vulnerability that has been assigned a Common Vulnerability Scoring System (CVSS) base score equal to or higher than 4.0.”


Here is a quick reference guide (free pdf download) that you might find useful in the future:
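The threshold quoted above is easy to apply by hand to one finding but easy to get wrong across a whole scan export, especially at the boundary (4.0 fails, 3.9 passes) and for findings the scanner left unscored. The script below is an added example, not code from the answer or from the PCI Security Standards Council: it parses a small constructed `host,check,cvss_base` export (an assumed format, not any real scanner's), sorts each component's findings into failing, passing and unscored, and reports whether the scan as a whole would meet the base-score rule. Unscored findings are treated as blocking compliance until reviewed, which is this example's conservative choice rather than anything the answer states.

```python
"""Triage scan findings against the PCI CVSS base-score rule (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A CVSS base score equal to or higher than this fails the scan (rule quoted in the answer).
PCI_FAIL_THRESHOLD = 4.0


@dataclass
class Finding:
    host: str                    # component in the cardholder data environment
    check: str                   # scanner check / plugin name
    cvss_base: Optional[float]   # None when the scanner reported no base score


@dataclass
class HostResult:
    failing: List[Finding] = field(default_factory=list)   # base score >= 4.0
    passing: List[Finding] = field(default_factory=list)   # base score 0.0 .. 3.9
    unscored: List[Finding] = field(default_factory=list)  # no score: manual review


def parse_findings(text: str) -> List[Finding]:
    """Parse 'host,check,cvss_base' lines. Constructed format, assumed for this example."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, check, score = (part.strip() for part in line.split(",", 2))
        findings.append(Finding(host, check, float(score) if score else None))
    return findings


def fails_pci(score: Optional[float]) -> bool:
    """Equal to or higher than 4.0 fails; 3.9 and below pass; unscored is not a fail here."""
    return score is not None and score >= PCI_FAIL_THRESHOLD


def evaluate_scan(findings: List[Finding]) -> Dict[str, HostResult]:
    """Group findings per component and classify each one against the threshold."""
    results: Dict[str, HostResult] = {}
    for f in findings:
        r = results.setdefault(f.host, HostResult())
        if f.cvss_base is None:
            r.unscored.append(f)
        elif fails_pci(f.cvss_base):
            r.failing.append(f)
        else:
            r.passing.append(f)
    return results


def scan_is_compliant(results: Dict[str, HostResult]) -> bool:
    """Compliant only when no component has a failing finding and nothing is left unscored."""
    return all(not r.failing and not r.unscored for r in results.values())


# Constructed sample export: hosts, checks and scores are made up for this example.
SAMPLE_EXPORT = """
# host, check, cvss_base
10.0.0.5, Outdated TLS library, 7.5
10.0.0.5, TLS 1.0 enabled, 4.0
10.0.0.6, ICMP timestamp disclosure, 2.1
10.0.0.6, Self-signed certificate, 3.9
10.0.0.7, Server banner disclosure,
"""


def report(results: Dict[str, HostResult]) -> str:
    """Human-readable summary of the evaluation."""
    lines = []
    for host, r in sorted(results.items()):
        status = "FAIL" if r.failing else ("REVIEW" if r.unscored else "PASS")
        lines.append(f"{host}: {status}")
        for f in r.failing:
            lines.append(f"  fails  {f.check} (CVSS {f.cvss_base})")
        for f in r.unscored:
            lines.append(f"  review {f.check} (no CVSS base score reported)")
    lines.append("scan compliant: " + ("yes" if scan_is_compliant(results) else "no"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(evaluate_scan(parse_findings(SAMPLE_EXPORT))))
```

Running it shows 10.0.0.5 failing on both findings (the 4.0 counts as a fail, not a pass), 10.0.0.6 passing with its 3.9, and 10.0.0.7 flagged for review because the scanner gave no score; the scan as a whole is reported as non-compliant.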


