How to create a PCI compliance dashboard with InvGate

With InvGate Asset Management, you can build a PCI compliance dashboard easily in just a few steps. By bringing CDE-related assets and key security indicators into one place, teams can move faster, prioritize what matters most, and maintain better control over PCI scope.

These are some (not all) of the charts we recommend including in your dashboard:

1. Total in-scope assets by country.
2. In-scope assets by health status.
3. In-scope assets with tickets.
4. Open requests by type.
5. Non-compliant device status.
6. Assets by status and location.
7. In-scope assets by location.

#1: Create an accurate inventory

Keep in mind that your ability to build a meaningful dashboard depends on how complete your inventory is. To get accurate insights, you’ll need to have all your CDE assets properly identified and uploaded into InvGate Asset Management.

1.1. Create different asset types for your CDE-related assets

InvGate Asset Management allows you to manually create different asset types so your inventory stays as accurate and structured as possible. While the platform includes default options, for PCI purposes it’s recommended to create specific asset types that match the devices included in your CDE.

You can create as many asset types as needed. As an example, we’ll create the “Point of Sale Terminal” asset type. Follow these steps:

1. Go to Settings > CIs > Asset types.
2. Click on “Add” and complete the following fields:
   1. Name: Point of Sale Terminal.
   2. Fields: Leave as it is.
   3. Icon: Choose an icon of your preference.

Repeat this process for each asset type that belongs to your CDE.

1.2. Create a different inventory ID for each CDE asset type

Next, create a specific inventory ID for each asset type you defined in the previous step. Continuing with the example above, we’ll create the inventory ID for “Point of Sale Terminal.”

Follow these steps:

1. Go to Settings > CIs > Inventory ID.
2. Click on “Add” and complete the following fields:
   • Name: Point of Sale Terminal
   • Prefix: POS-
   • Starting from: 001
   • Number of digits: 3
   • Suffix: None

Repeat this process for every asset type that belongs to your CDE.

#2: Build an inventory of your CDE assets

Now that you’ve created your asset types and inventory IDs, adding CDE assets to InvGate Asset Management becomes much easier. Follow these steps:

1. Click on New CI (top-right corner).
2. Select Assets.
3. Find and click on "Point of Sale Terminal" (the asset type you created in step 1).

During asset creation, you’ll see many available fields. For PCI purposes, we’ll focus only on the most relevant (and often required) ones for CDE assets.

4. Complete the following information:
   1. Status: Active (you can change it later if needed).
   2. Manufacturer: Select an existing manufacturer or create a new one.
   3. Model: Select or create the specific model.
   4. Location (optional): Choose the asset’s location.
   5. Number of assets to create: Select how many assets of this type you want to create.
   6. Columns to enter: Choose the attributes you want to fill in, typically Inventory ID, Name, and Serial number.
   7. Inventory ID: Select the Inventory ID created in the previous step (you can assign different IDs per asset if needed).

Note: Make sure assets are classified correctly. A POS terminal, a credit card terminal, and a computer can play very different roles in payment processing and may fall under different PCI scope considerations.

#3: Tag all your CDE-related assets

The next step in building your PCI compliance dashboard is tagging the assets that belong to your CDE. This makes it easy to build charts and apply consistent conditions across the dashboard.

You can tag your CDE-related assets as follows:

1. Go to Assets.
2. Type “POS” to filter assets by Inventory ID.
3. Select all matching assets.
4. Click on Tags.
5. Create a new tag named “PCI Compliance Dashboard”.
6. Select the new tag and apply the changes.

#4: Create your PCI compliance dashboard

The goal of a PCI compliance dashboard is to monitor the assets that store, process, or transmit cardholder data. To achieve this, you can create a dedicated dashboard in InvGate Asset Management. Follow these steps:

1. Go to Dashboards.
2. Click the “+” icon to create a new dashboard.
3. Fill in the basic details and global filters:
   1. Name: PCI Compliance Dashboard.
   2. Description: Centralize PCI DSS metrics to monitor compliance, track evidence, and identify risks across the Cardholder Data Environment (CDE).
   3. Leave global filters empty (Owner, Location, and Tags) to keep full visibility across your environment.

Note: Global filters apply to every chart on the dashboard, creating a default view that works alongside each chart’s own filters. This lets you refine visualizations without editing each chart individually.

Once you’ve completed the dashboard setup, you can start adding the charts recommended above. Here’s how to do it.

4.1. Total in-scope assets by location

Click “Add chart” to create your next chart:

1. Visualization: Pie.
2. Metric: Assets (Tracked) - Total.
3. Dimension: Location.
4. Add the following condition:
   1. Assets > Tags > contains > PCI.
5. Name it: “Total in-scope assets by country” and click on "Save."

4.2. In-scope assets by health status

Click “Add chart” to create your next chart:

1. Visualization: Pie.
2. Metric: Assets (Tracked) - Total.
3. Dimension: Health status.
4. Add the following condition:
   1. Assets > Tags > contains > PCI.
5. Name it: “In-scope assets by health status” and click on "Save."

Note: Health status depends on the health rules defined by each organization. For this chart to provide meaningful insights, health-related attributes must be trackable. That typically requires installing the InvGate Asset Management Agent on in-scope endpoints, so it can report conditions that may impact PCI compliance, such as antivirus/EDR status, disk encryption, missing patches, OS version/support status, and other security-related signals.

4.3. In-scope assets with tickets

Click “Add chart” to create your next chart:

1. Visualization: Column stacked.
2. Metric: Requests assigned (Open).
3. Dimension: Type & Location.
4. Add the following condition:
   1. Assets > Tags > contains > PCI.
5. Name it: “In-scope assets with tickets” and click on "Save."

4.4. Open requests by type

Click “Add chart” to create your next chart:

1. Visualization: Indicator.
2. Metric: Requests assigned (Open).
3. Dimension: Asset type.
4. Add the following condition:
   1. Assets > Tags > contains > PCI.
5. Name it: “Open requests by type” and click on "Save."

4.5. Non-compliant device status

Click “Add chart” to create your next chart:

1. Visualization: Column stacked.
2. Metric: Assets (Tracked) - Total.
3. Dimension: Asset type & Status.
4. Add the following conditions:
   1. Assets > Tags > contains > PCI.
   2. Assets > Health status > is not > Safe.
5. Name it: “Non-compliant device status” and click on "Save."

4.6. Assets by status and location

Click “Add chart” to create your next chart:

1. Visualization: Column stacked.
2. Metric: Assets (Tracked) - Total.
3. Dimension: Asset type & Status.
4. Add the following condition:
   1. Assets > Tags > contains > PCI.
5. Name it: “Assets by status and location” and click on "Save."

4.7. In-scope assets by location

Click “Add chart” to create your next chart:

1. Visualization: Columns.
2. Metric: Assets (Tracked) - Total.
3. Dimension: Location & Type.
4. Add the following condition:
   1. Assets > Tags > contains > PCI.
5. Name it: “In-scope assets by location” and click on "Save."