CUSTOMER PROBLEM
The Compliance Operator 1.8 correctly executes the PCI DSS 4.0 SCAP scans in the customer's environment. However, ACS 4.9 does not ingest or display any results associated with this standard.
Symptoms and Evidence:
• The results section for PCI DSS 4.0 shows blank coverage, empty reports, zero findings, and no rules evaluated.
• The issue seems specific to PCI DSS 4.0, as SCAP ingestion is partially working; CIS and CIS Node profiles DO appear correctly in ACS 4.9.
• The customer previously used PCI DSS 3.2, and the 4.0 standard was recently introduced.
• Diagnostics show that ACS receives the event that the PCI scan was executed, but it neither ingests nor processes the results. Crucially, no ingestion attempt for PCI DSS appears in the logs, and no errors appear, which is typical when a benchmark is “not supported”.
• Internal testing by the customer demonstrated that ACS version 4.6 was able to display PCI DSS 4.0 standards and coverage correctly, but when updated to ACS version 4.9, the functionality stopped working