Approved Scanning Vector (ASV)
IntaForensics® consultants focus on current and impending cyber security risks, advising and supporting clients to ensure they understand the dangers and implications of a successful attack. In a world where your data is a highly sought-after commodity, making sure it is protected must be regarded as a top priority for all organisations.
What is an Approved Scanning Vector?
An ASV is an organisation or entity that is qualified by the Payment Card Industry Security Standards Council (PCI SSC) to conduct external scanning to assess the vulnerability of a client organisation.
In partnership with the approved ASV company Qualys Inc., IntaForensics utilise the Qualys Cloud Platform to offer an ASV scanning service for PCI DSS customers. Vulnerability scanning and remediation services are delivered by IntaForensics consultants with the final attestation provided by Qualys Inc.
The purpose of the Program is to validate adherence with the external scanning requirements of PCI DSS requirement 11.2.2.
As a PCI SSC accredited Qualified Security Assessor (QSA) Company, IntaForensics are very experienced in the review of payment processing environments and the provision of relevant, focused and valued advice/recommendations.
ASV Scan Requirements
ASV scans are mandated for organisations based on PCI DSS requirements for external vulnerability scans. If your Self-Assessment or on site assessment has identified that requirement 11.2 of the current PCI DSS standard applies to your CDE, quarterly external scans are required.
If you are currently self-assessing against PCI DSS and are unsure if ASV scans are required, please speak to our QSA Team who can provide assistance with SAQ selection and identifying applicable requirements.
IntaForensics utilise a cloud-hosted scanning platform to perform an in-depth vulnerability scan against external hosts and perimeter firewalls of the customers Cardholder Data Environment (CDE). Once per quarter, IntaForensics specialist staff run an initial vulnerability scan against the required host addresses / domain names. Remediation requirements which score above a CVSS score 4.0 or higher will be reported to the customer to be resolved. IntaForensics will provide telephone and email support up to a maximum of 2 hours. Remediation requiring more extensive support will be delivered on a consultancy basis if required. Following remediation, a further scan is run to confirm that any remediation is effective. Once a passing PCI Scan has been reached, the scan is submitted to Qualys Inc. ASV team for attestation. This will be completed and returned within 48 hours.
5 IP addresses per quarter are comprised in the service cost, which includes the initial scan and a follow up re-scan if remediation work is required.
Cyber Essentials – Simple, Effective and Affordable Cyber Security for the Legal Profession
With reams of sensitive personal data and transactions that involve large sums of money, the legal sector remains a huge […]
Read MoreCalling all Registered Charities: Get Cyber Essentials at a special discount with IntaForensics
Charities play a crucial role in society, providing support and relief to those who need it most in their darkest […]
Read MoreThe Anatomy of a Ransomware Attack: Ten Steps to Defending Your Company Against Cybercrime
According to data from Egress, a ransomware attack occurs every eleven seconds. The frequency of attacks on a daily basis […]
Read More