Top 5 Quality Criteria for an Approved Scanning Vendor (ASV)

28 August 2019

Corinna Reinheimer, who is in charge of ASV scans at usd AG, tells us the five most important characteristics you should consider when choosing your PCI scanning partner.

Top 1: Comprehensive experience

Employees in the fields of security analyses and vulnerability management require comprehensive professional experience in order to ensure they can propose proper solutions to security findings.

Top 2: Competent customer support

To be able to answer all questions that may arise in a timely manner and preferably in the local language, the ASV should have an easily reachable customer support team with trained staff.

Top 3: Unlimited number of re-scans

If a scan does not yield a successful result (“compliant”) on the first try, the customer is required to conduct re-scans after remediating the findings. New security vulnerabilities are being discovered on a daily basis and the list of vulnerabilities a scanner must search for is updated constantly. Therefore, a re-scan may discover some new vulnerabilities that need to be remediated for the scan to yield a “compliant” result. With unlimited re-scans, each vulnerability can be processed individually and the compliance status of the scan can be checked immediately afterwards.

Top 4: A reliable platform

The customer should be able to manage scans independently of the ASV's service hours. This requires a web-based platform that allows the customer to complete tasks such as ordering, planning and processing scans at any time. Ideally, the customer can also complete Self Assessment Questionnaires (SAQs) and submit assessment reports via the platform to have all documents required for validating PCI compliance in one place.

Top 5: Extensive PCI consulting and certification services

A company offering ASV services should have comprehensive expertise. Ideally, the company providing the service is not only an ASV, but also an accredited assessor of PCI Security Standards. This way, customers can be sure they receive competent advice and expert answers to all their questions regarding the steps they need to take to validate PCI compliance.

Need assistance?

As an accredited assessor, usd AG advises and certifies companies worldwide in accordance with the requirements of the Credit Card Industry and has been an Approved Scanning Vendor (ASV) accredited by the PCI Security Standards Council for more than 14 years. Companies from all over the world rely on the expertise of our accredited assessors and PCI Competence Center and use the services of our usd PCI Platform.

Find more details about our ASV scans here.
