MegaplanIT

Security & Compliance

What Is An Approved Scanning Vendor?

Approved Scanning Vendor Overview

Performing external vulnerability scanning of business networks and services is vital to protecting an organization: it identifies security weaknesses and exploitable vulnerabilities so that steps can be taken to remediate issues and manage risk effectively. For organizations subject to PCI DSS compliance, external scans must be performed by an Approved Scanning Vendor (ASV) and pass at least quarterly to maintain compliance. MegaplanIT is an Approved Scanning Vendor, supporting global customer locations.

 


What is an ASV?


As defined by the PCI SSC, an ASV is a company approved by the PCI SSC to conduct external vulnerability scanning services. The PCI SSC requires ASV companies to meet a set of ASV Qualification Requirements, spanning business requirements, service capabilities, personnel qualifications, administrative requirements, and service requalification. As an ASV, MegaplanIT undergoes rigorous testing of its ASV services, demonstrating that its services meet or exceed detection and capability requirements defined by the PCI SSC’s ASV Program and Qualification Requirements.


What are the ASV Scan Requirements for Customers?


Carrying out ASV scans is a fundamental task in ensuring network security. For those new to the procedure, it is crucial to understand that external vulnerability scans must adhere to the following stipulations:

  • They should be conducted at least once every three months.
  • They must be performed by a company certified as an Approved Scanning Vendor (ASV) by the PCI Security Standards Council (PCI SSC).
  • Scans should be comprehensive, covering all system components within the scope of the PCI DSS.
  • Customers should remediate all vulnerabilities identified by the scans and re-scan the system until it passes the ASV scan.
  • After every scan, customers should submit a scan report to their acquirer or payment brand.
  • Scans should include both IPv4 and IPv6 IP addresses, as well as any other necessary unique identifiers for your organization’s systems.
  • Any changes in the system or network configuration or any other changes that could impact security must be followed by a new vulnerability scan.

 

Where do I start?


Customers first need to engage with an ASV Company. MegaplanIT’s streamlined and positive onboarding process has successfully transitioned customers of all sizes to our ASV services platform. Our ASV Portal and the team have helped seasoned organizations, as well as those stepping into PCI DSS compliance for the first time. The MegaplanIT team’s deep knowledge and experience with the ASV process enables us to provide a higher level of quality and support for our customers, providing more rapid responses to potential scanning issues and minimizing false positives.


Common Challenges


ASV scanning is a critical control that can make or break an organization’s compliance status. ASV customers need reliable, consistent, and timely support to avoid delays in completing passing scan reports. Building on our industry experience, we have implemented processes to address common challenges that organizations face in the ASV space:

  • Customer Support – We are more than a scan engine or portal. Our team understands ASV. We help organizations navigate past historical pain points to an understandable, repeatable scan experience.
  • Scan Disputes & False Positives – Our team provides clear guidance on the remediation required, as well as methods to quickly address scan disputes or potential false positives.
  • Scan Setup – Our team works with your organization to understand scan target requirements and scan schedules that reduce impact during peak production cycles. We can also work with you to schedule more frequent scans than the quarterly minimum, to provide both greater assurance and a potential time buffer during situations that may require extended time to remediate specific vulnerabilities.
  • Re-scans – Our ASV Portal simplifies the re-scan process for customers that have remediated identified issues by allowing you to target a single IP or a few IPs rather than doing a full re-scan.


Conclusion


At MegaplanIT, we proactively anticipate customer needs in a wide range of security and compliance areas and respond swiftly and effectively. We are constantly working to improve the process of ASV attestation. Our aim is to make it as simple and painless as possible. Both new and existing customers can rely on us for a timely and consistent ASV experience. Contact us today. Learn how our ASV services and dedicated customer team can enhance your compliance efforts, allowing you to concentrate on your business’s core areas.
