usd AG Re-Accredited Worldwide as an Approved Scanning Vendor (ASV)

23. August 2024

On 20.08.2024, we once again received worldwide accreditation as an Approved Scanning Vendor (ASV) for the scanning services of our usd PCI Platform by the PCI Security Standards Council (PCI SSC). This makes us one of two accredited ASV companies in Germany.

More companies obligated to carry out ASV scans than before

Companies that process, store or transmit credit card data must have their affected IT systems scanned for vulnerabilities on a quarterly basis as part of their PCI DSS certification. These scans may only be carried out by an ASV that has been tested and accredited by the PCI SSC and is on the official list of Approved Scanning Vendors. Since PCI DSS v4.0 came into force, significantly more companies are obliged to perform ASV scans than before. You can find more information on the scanning obligation in our help section.

Accreditation takes place annually

All ASV organizations must undergo annual re-accreditation with the PCI SSC. These providers must meet or even exceed the requirements of the Qualification Requirements for Approved Scanning Vendors. The review is based on a structured, transparent process and requires, among other things, participation in the necessary training sessions, an examination of the ASV employees and, above all, a successful test result in the PCI SSC's ASV Lab Scan Test.

Rigorous test procedure

The PCI SSC's review of the scanning solution does not only look at processes and organizations. Our usd PCI DSS Platform was extensively tested as part of a realistic simulation of a vulnerability analysis. Our scanning solution had to identify and report all technical vulnerabilities in simulated network environments with vulnerable hosts and network devices within one day.

“We have now been continuously accredited as an ASV for almost 20 years. Nevertheless, we are just as excited about every re-accreditation as we were the first time, because the high technical requirements of the PCI SSC increase from year to year in order to keep pace with the rapid development of cyber threats. The test result from the ASV Validation Lab is the best confirmation for our clients that they are getting a reliable ASV scanning solution from us. We are also pleased with the continuous development of our platform to keep the entire review process as quick and easy as possible for our clients.”

Sebastian Düringer, Managing Security Consultant usd HeroLab,
responsible for scanning services at usd AG

Also interesting:

Top 3 Vulnerabilites in System Pentests

Top 3 Vulnerabilites in System Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

DORA Deep Dive: Reporting of ICT-Related Incidents

DORA Deep Dive: Reporting of ICT-Related Incidents

The Digital Operational Resilience Act (DORA) requires major ICT-related incidents to be reported to the German Federal Financial Supervisory Authority (BaFin) from January 2025. Why should you take a close look at this requirement now? Where in DORA is this...

Categories

Categories