PCI Approved Scanning Vendor

PCI logo

Edgescan is a PCI Approved Scanning Vendor (ASV)

An ASV is an organization with a set of security services and tools (ASV scan solution) to conduct external vulnerability scanning services to validate adherence with the scanning requirements of PCI DSS.

Based on PCI DSS Requirement 11.2.2 one must perform quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approved by the Payment Card Industry Security Standards Council (PCI SSC) and perform rescans as needed, until passing scans are achieved.

The ASV Program Guide requirements for a passing scan mandate that no vulnerabilities rated 4.0 (or higher by the CVSS, and no automatic failures) are present.

A helping hand

With the Edgescan full stack assessment approach we can help ensure your PCI DSS compliance requirements are met and that you pass your quarterly scan. Our expert penetration team is available for support and assistance to advise you what is required to pass your quarterly assessments.

Edgescan Approved Scanning Vendor (ASV) Service

Many of our clients require the flexibility of being able to conduct ASV scans themselves. Instead of conducting them once per quarter, they may choose to run them daily, weekly or on a more ad-hoc basis.

Edgescan provides a self-service ASV portal for clients. Our award-winning portal allows clients to intitate scans on-demand, and run reports when required to ensure PCI-ASV success.

It is powered with the same logic as the award-winning Edgescan fullstack vulnerability managed service, which is used by some of the world’s largest and best known organizations.

Our clients who operate a continuous compliance model use the full Edgescan service, as it has the added flexibility of running unlimited numbers of scans for the same fixed annual cost.

The Edgescan self-service ASV portal allows for fullstack vulnerability assessments to be conducted (infrastructure and web application). The solution has been fully approved for PCI ASV scanning across all geographies and is also ISO27001 certified for further assurance.

ASV example

Benefits to Organisation from the Edgescan ASV Service

No agents or software installations: Edgescan ASV does not use agents or install software to perform our scanning service giving you peace of mind in the knowledge that your environment will not change.

No disruption: When conducting a scan, Edgescan ASV does not interfere with the cardholder data system.

Production Safe Testing: Edgescan ASV is a production safe service. We deliver assessments to help ensure we do not cause outages.

Above the Reporting Standard: Edgescan ASV produces reports that conform to PCI-ASV standards, and we go beyond that with consolidated remediation information so you know how to fix issues if you do fail a control.

Automatically schedule the required quarterly scans, and also scan as often as you like on an ad-hoc manner, for PCI compliance and for identifying and remediating vulnerabilities as soon as they appear in your network.

Leverage 24/7 online help and email or telephone support for understanding and fixing issues.

Maintain coverage on all assets either on-premises, in private, public or hybrid clouds.

Scan your web apps during and after development to ensure they’re securely built and securely maintained

ASV example 2
ASV example 3