PCI ASV

Introduction

Accorian is a Payment Card Industry Approved Scanning Vendor, or PCI ASV. The ASV Program Guide (v3.0) defines an ASV as a “company qualified by PCI SSC for ASV Program to conduct external vulnerability scanning services in line with PCI DSS Requirement 11.2.2.” The ASV validation lab established by PCI SSC tests an ASV’s scanning solution before designating a vendor as a PCI SSC approved scanning vendor.

Hence, an Approved Scanning Vendor (ASV) is an organization with a set of security services and tools to conduct external vulnerability scanning services that validate adherence to the external scanning requirements of PCI DSS Requirement 11.2.2.

What is PCI DSS?

Payment Card Industry Data Security Standards (PCI DSS) are operational and technical requirements prescribed by the PCI Security Standards Council (PCI SSC) for organizations that store, process, or transmit cardholder data from major credit card schemes such as Visa, Mastercard, American Express, etc.

Why do you require a PCI ASV passing scan every quarter?

To comply with the PCI DSS standards, merchants and service providers are required to present passing PCI security scans performed by an ASV every quarter.

The detailed requirements are as follows:

  • Conducting quarterly external network scans, followed by re-scans to verify and ensure that all failing issues have been resolved
  • Conducting quarterly external scans and re-scans via an ASV
  • Conducting internal and external scans and re-scans after any significant change in the network
  • Obtaining a passing scan report every quarter

Accorian’s PCI ASV Service

Accorian’s team of security experts aids clients in meeting the 11.2.2 requirement by conducting scans using our approved tools & scanners to identify vulnerabilities and misconfigurations associated with external network hosts, web applications, and other internet-facing technologies.

The scans are non-disruptive in nature, and we do not conduct destructive testing such as Denial of Service, Buffer Overflow, etc.

1. Scope Deduction:

Our team aids clients with identification of their scope and conducts host discovery scans to further detect unknown hosts or shadow IT assets. Subsequently, our team conducts the following activities:

2. Vulnerability Scanning:

Identification of security weaknesses, flaws & misconfigurations associated with the Operating System and Services based on probing, version identification, non-destructive exploitation using safe payloads, brute forcing of credentials, etc.

Additionally, we identify potential vulnerabilities based on version fingerprinting.

3. Reporting:

The scanning activity yields issues and recommendations for mitigation. We provide clients with two reports – Executive & Technical Summary. The technical summary consists of the list of vulnerabilities, risk rating, pass/fail rating against PCI ASV requirements, description, and mitigation advisory.

Our team of experts interfaces with clients to relay this information and facilitate remediation through detailed & targeted solutions.

Subsequently, we conduct re-scans to validate remediation and issue a passing report if all failing vulnerabilities have been mitigated.

The Accorian Advantage

Accorian’s cybersecurity and compliance teams bring a wealth of experience to help navigate organizations through their information security journey. Our hands-on, white-glove approach combined with a goal-oriented, proven methodology brings both fiscal value and expertise to each of our clients. The facts speak for themselves.
