ASV PCI Scanning

What's Included

• An annual subscription that covers all four required quarterly scans, so you stay on schedule without managing the calendar yourself.
• Collaborative scoping to identify every external IP address and domain in your cardholder data environment before the first scan runs.
• Scan execution through the Qualys ASV platform, which is certified by the PCI Security Standards Council.
• Dispute resolution support for false positive findings, including working through the formal PCI SSC dispute process so you are not penalized for vulnerabilities that do not actually exist in your environment.
• An official passing scan report formatted for submission to your QSA or acquiring bank.
• Remediation rescans after you address findings, included in your subscription.

Need more than quarterly scanning?

Some organizations need to go beyond the quarterly ASV minimum. If your compliance program requires internal scanning, penetration testing, or a bundled GRC approach, we can build a package around your specific requirements. Talk to our team.

Who It's For

• Merchants and service providers at any PCI DSS level who have external-facing systems connected to their cardholder data environment.
• Organizations completing a Self-Assessment Questionnaire that requires ASV scan evidence, including SAQ A-EP, SAQ B-IP, SAQ C, SAQ D, and others depending on your environment.
• Businesses that have struggled with false positives or getting scan reports accepted by their acquiring bank.
• Companies that want to bundle ASV scanning with GRC Assessment Readiness or vulnerability management services.