What Is An Approved Scanning Vendor?
Approved Scanning Vendor Overview
External vulnerability scanning of business networks and services is vital to protecting an organization: it identifies security weaknesses and exploitable vulnerabilities so that the organization can remediate issues and manage risk effectively. For organizations subject to PCI DSS compliance, external scans must be performed by an Approved Scanning Vendor (ASV) and pass at least quarterly to maintain compliance. MegaplanIT is an Approved Scanning Vendor, supporting global customer locations.
What is an ASV?
As defined by the PCI SSC, an ASV is a company approved by the PCI SSC to conduct external vulnerability scanning services. The PCI SSC requires ASV companies to meet a set of ASV Qualification Requirements, spanning business requirements, service capabilities, personnel qualifications, administrative requirements, and service requalification. As an ASV, MegaplanIT undergoes rigorous testing of its ASV services, demonstrating that its services meet or exceed detection and capability requirements defined by the PCI SSC’s ASV Program and Qualification Requirements.
What are the ASV Scan Requirements for Customers?
Carrying out ASV scans is a fundamental task in ensuring network security. For those new to the procedure, it is crucial to understand that external vulnerability scans must adhere to the following stipulations:
- They should be conducted at least once every three months.
- They must be performed by a company certified as an Approved Scanning Vendor (ASV) by the PCI Security Standards Council (PCI SSC).
- Scans should be comprehensive, covering all system components within the scope of the PCI DSS.
- Customers should remediate all vulnerabilities identified by the scans and re-scan the system until it passes the ASV scan.
- After every scan, customers should submit a scan report to their acquirer or payment brand.
- Scans should include both IPv4 and IPv6 addresses, as well as any other necessary unique identifiers for your organization’s systems.
- Any changes in the system or network configuration or any other changes that could impact security must be followed by a new vulnerability scan.
Where do I start?
Customers first need to engage with an ASV Company. MegaplanIT’s streamlined and positive onboarding process has successfully transitioned customers of all sizes to our ASV services platform. Our ASV Portal and the team have helped seasoned organizations, as well as those stepping into PCI DSS compliance for the first time. The MegaplanIT team’s deep knowledge and experience with the ASV process enables us to provide a higher level of quality and support for our customers, providing more rapid responses to potential scanning issues and minimizing false positives.
ASV scanning is a critical control that can make or break an organization’s compliance status. ASV customers need reliable, consistent, and timely support to avoid delays in obtaining passing scan reports. Building on our industry experience, we have implemented processes to address common challenges that organizations face in the ASV space:
- Customer Support – We are more than a scan engine or portal. Our team understands ASV. We help organizations navigate past historical pain points to an understandable, repeatable scan experience.
- Scan Disputes & False Positives – Our team provides clear guidance on the remediation required, as well as methods to quickly address scan disputes or potential false positives.
- Scan Setup – Our team works with your organization to understand scan target requirements and scan schedules that reduce impact during peak production cycles. We can also work with you to schedule more frequent scans than the quarterly minimum, to provide both greater assurance and a potential time buffer during situations that may require extended time to remediate specific vulnerabilities.
- Re-scans – Our ASV Portal simplifies the re-scan process for customers that have remediated identified issues by allowing you to target a single IP or a few IPs rather than doing a full re-scan.
At MegaplanIT, we proactively anticipate customer needs in a wide range of security and compliance areas and respond swiftly and effectively. We are constantly working to improve the process of ASV attestation. Our aim is to make it as simple and painless as possible. Both new and existing customers can rely on us for a timely and consistent ASV experience. Contact us today. Learn how our ASV services and dedicated customer team can enhance your compliance efforts, allowing you to concentrate on your business’s core areas.