What is an Approved Scanning Vector?
An ASV is an organisation or entity that is qualified by the Payment Card Industry Security Standards Council (PCI SSC) to conduct external scanning to assess the vulnerability of a client organisation.
In partnership with the approved ASV company Qualys Inc., IntaForensics utilise the Qualys Cloud Platform to offer an ASV scanning service for PCI DSS customers. Vulnerability scanning and remediation services are delivered by IntaForensics consultants with the final attestation provided by Qualys Inc.
The purpose of the Program is to validate adherence with the external scanning requirements of PCI DSS requirement 11.2.2.
As a PCI SSC accredited Qualified Security Assessor (QSA) Company, IntaForensics are very experienced in the review of payment processing environments and the provision of relevant, focused and valued advice/recommendations.
ASV Scan Requirements
ASV scans are mandated for organisations based on PCI DSS requirements for external vulnerability scans. If your Self-Assessment or on site assessment has identified that requirement 11.2 of the current PCI DSS standard applies to your CDE, quarterly external scans are required.
If you are currently self-assessing against PCI DSS and are unsure if ASV scans are required, please speak to our QSA Team who can provide assistance with SAQ selection and identifying applicable requirements.
IntaForensics utilise a cloud-hosted scanning platform to perform an in-depth vulnerability scan against external hosts and perimeter firewalls of the customers Cardholder Data Environment (CDE). Once per quarter, IntaForensics specialist staff run an initial vulnerability scan against the required host addresses / domain names. Remediation requirements which score above a CVSS score 4.0 or higher will be reported to the customer to be resolved. IntaForensics will provide telephone and email support up to a maximum of 2 hours. Remediation requiring more extensive support will be delivered on a consultancy basis if required. Following remediation, a further scan is run to confirm that any remediation is effective. Once a passing PCI Scan has been reached, the scan is submitted to Qualys Inc. ASV team for attestation. This will be completed and returned within 48 hours.
5 IP addresses per quarter are comprised in the service cost, which includes the initial scan and a follow up re-scan if remediation work is required.
As regular customers of IntaForensics, I highly recommend the company for the services delivered by Damian Walton and his team. I couldn’t praise their Cyber Essentials services and support highly enough.
Ryan James, Managing Director - nFocus
Up to 12,000 schools could become targets of cyber-attacks in 2022 This frightening statistic comes after more than three quarters […]Read More
Cyber Attacks: Attacker Techniques and the Business Impact Many businesses across the UK are concerned about the impact that a […]Read More