The Policy Scanner module verifies whether certain settings (link) on a computer comply with PCI Digital Security Standards (PCI DSS). Policy Scanner verifies that user and password, system configuration, and system auditing policies on the agent’s host comply with PCI DSS. Like other PCI modules, Policy Scanner is currently only available on Microsoft Windows.

By default, scans run once a day. After each scan, Policy Scanner sends its findings to the TrustKeeper server. If Policy Scanner detects a setting that is not in compliance with the PCI DSS, it reports that information in the My Agents application under Security Configuration and references the specific requirement that the host is violating. Clients may choose to ignore alerts in Security Configuration in the same way that they ignore files in Credit Card Data Storage.