The real difficulty in becoming PCI compliant depends on whether you transmit, process, or store the full credit card number on your network. If you do, all or part of your network (depending on how good your segmentation is) becomes a cardholder data environment (CDE), and you will have to comply with most or all of the 12 requirements of the PCI-DSS

Hello, @poliq

Adjusting the server configuration in order to pass a PCI compliance scan will always depend from the PCI vendor itself, because they all have different requirements, but in general you will need to make sure that TLS versions bellow 1.2 are disabled.

I’ve recently posted a mini tutorial related with PCI Compliance scan where the outdated TLS versions had to be disabled in order the user to pass the scan. You can check it here:

https://www.digitalocean.com/community/questions/disable-old-tls-versions-1-0-1-1-for-apache-nginx-on-ubuntu-18-04-or-centos-7

If you have any specific questions regarding the PCI scan you are most welcome to ask.

Hope this helps!

Regards,
Alex

Thanks a lot for your answers and assistance. Still I was already recommended to check out PCI Compliance Cost there https://www.trustnetinc.com/pci-compliance-cost/ and didn`t expect to find all necessary information there. Plus their experts helped me a lot with communication. I was very satisfied with their service and prices.