Hello!
I am reading Pub 1345 and I am confused. On page 8 it says:
"External Vulnerability Scan. Online Providers of individual income tax returns must contract with an independent third-party vendor to run weekly external network vulnerability scans of all their “system components” in accordance with the applicable requirements of the Payment Card Industry Data Security Standards (PCIDSS)."
I want to make sure I am reading this correctly. Does the tax pro have to do this weekly vulnerability scan using an approved vendor? Or maybe is the client portal provider the one who has to do the scan?
If it's the tax pro who has to do this weekly scan, what company are you using?
Thank you for your help.