Top 5 Quality Criteria for an Approved Scanning Vendor (ASV)

28 August 2019

Corinna Reinheimer, who is in charge of ASV scans at usd AG, tells us the five most important characteristics you should consider when choosing your PCI scanning partner.

Top 1: Comprehensive experience

Employees in the fields of security analyses and vulnerability management require comprehensive professional experience in order to ensure they can propose proper solutions to security findings.

Top 2: Competent customer support

To answer all questions that may arise in a timely manner, and preferably in the local language, the ASV should have easily reachable customer support with trained staff.

Top 3: Unlimited number of re-scans

If a scan does not yield a successful result (“compliant”) on the first try, the customer is required to conduct re-scans after remediating the findings. New security vulnerabilities are being discovered on a daily basis and the list of vulnerabilities a scanner must search for is updated constantly. Therefore, a re-scan may discover some new vulnerabilities that need to be remediated for the scan to yield a “compliant” result. With unlimited re-scans, each vulnerability can be processed individually and the compliance status of the scan can be checked immediately afterwards.

Top 4: A reliable platform

The customer should be able to manage scans independently of the ASV's service hours. This requires a web-based platform that allows the customer to complete tasks such as ordering, planning and processing scans at any time. Ideally, the customer can also complete Self-Assessment Questionnaires (SAQs) and submit assessment reports via the platform, so that all documents required for validating PCI compliance are in one place.

Top 5: Extensive PCI consulting and certification services

A company offering ASV services should have comprehensive expertise. Ideally, the company providing the service is not only an ASV, but also an accredited assessor of PCI Security Standards. This way, customers can be sure to receive competent advice and expert answers to all their questions regarding the steps they need to take to validate PCI compliance.

Need assistance?

As an accredited assessor, usd AG advises and certifies companies worldwide in accordance with the requirements of the Credit Card Industry and has been an Approved Scanning Vendor (ASV) accredited by the PCI Security Standards Council for more than 14 years. Companies from all over the world rely on the expertise of our accredited assessors and PCI Competence Center and use the services of our usd PCI Platform.

Find more details about our ASV scans here.
