ASV - Approved Scanning Vendor for PCI Home Cybersecurity Dictionary ASV - Approved Scanning Vendor for PCI An ASV is an organization deploying security services and tools (sometimes called an ASV scan solution) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2. The scanning vendor’s ASV scan solution gets tested and approved by the PCI Security Standards Council (PCI-SCC) before being added to its list of Approved Scanning Vendors. For a company to be approved they must first become a legal entity and fulfill all requirements to conduct business. Next, they have to go through a registration process with the PCI SSC that consists of reviewing the ASVs program guide, register for the testing, and provide administrative information and technical details by submitting an attestation of compliance. The application is reviewed by the Council and either accepted or denied for testing. ASVs often perform an external vulnerability scan of an organization’s network or website from the outside looking inward. In addition to determining if it is PCI compliant, these scans from service providers can provide insight into any data security changes that need to be made. Related TermsPII - Personally Identifiable InformationPCI and PCI DSS -The Payment Card Industry Data Security StandardROC - Report on Compliance for PCIQSA - Qualified Security Assessor for PCIPFI - PCI Forensic Investigator Share: Seeking Clarity? View the Cybersecurity Dictionary for top terms searched by your peers. Back to the Dictionary RELATED INSIGHTS BLOG October 19, 2017 PCI Compliance Every Day – Requirement 11 The most widely known requirements in PCI DSS 3.2 section 11 with a timing implication are the quarterly external and internal vulnerability scans (11... See Details Read more about PCI Compliance Every Day – Requirement 11 BLOG October 29, 2018 Leveraging Risk Strategy to Move Beyond Check-Box PCI Compliance Merchants often put compliance spending at the top of their list for budgeting purposes because the consequences of non-compliance can be expensive. F... See Details Read more about Leveraging Risk Strategy to Move Beyond Check-Box PCI Compliance DOWNLOAD October 22, 2018 PCI Compliance Does Not Always Equal Security Learn how a risk-centric approach can be applied to each PCI requirement. See Details Read more about PCI Compliance Does Not Always Equal Security How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.