PCI ASV Scanning Services
As a requirement for passing an annual onsite audit, the PCI DSS stipulates that merchants must show proof of four successful quarterly external scans. The process requires that merchants understand their external footprints, anticipate vulnerabilities that could show up as false positives and effectively remediate those vulnerabilities.
PCI DSS compliance is about more than just understanding what information security solutions the PCI Council requires your organization to have deployed. It's also about understanding and comprehending how to align your overall security and compliance strategies with the standards. Many Authorized Security Vendor (ASV) offerings are highly automated, making it nearly impossible for merchants to discuss their results with a human, leading to misunderstanding of what assessments mean and flawed strategies that result in noncompliance and breaches. Many organizations are not even aware that there are ASVs that will work with them to understand how to interpret the results of scans and remediate findings.
With so much riding on successful completion of the annual onsite audit, organizations can rely on Secure Application's ASV experience and expertise. Our ASV services are built around the Saint PCI solution, which provides tools for accurately and efficiently evaluating network security and for assessing and remediating vulnerabilities rapidly.
Secure Application assigns each customer a PCI ASV Scanning Services project manager and consultant, who have deep experience in spotting and identifying vulnerabilities and in remediation. Additionally, we seamlessly manage the critical but separate ASV scanning process and onsite audit, freeing customers to focus on their core business.
- Performs remediation through identification of existing, new and recurring vulnerabilities
- Offers mitigation recommendations that ensure compliance
- Provides analysis and understanding of how external activities are affecting security and compliance
In accordance with the PCI DSS, Secure Application supports organizations in conducting external vulnerability testing on a quarterly basis. We use a variety of tools to probe system components for weaknesses or vulnerabilities. Once testing is complete, our PCI DSS experts research any discovered weaknesses as required.
- Initiating and completing automated vulnerability scanning on all devices and services enumerated
- Results analysis and expert mitigation for each of the quarterly tests
- Generating and providing a per-device compliance report each quarter
- Vulnerability trending-tracking new, existing and recurring vulnerabilities
- Remediation guidance and services
- Executive summary of the status of external scans for the organization's executive management team