ASV - Approved Scanning Vendor for PCI

An ASV is an organization deploying security services and tools (sometimes called an ASV scan solution) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2.


The scanning vendor’s ASV scan solution gets tested and approved by the PCI Security Standards Council (PCI-SCC) before being added to its list of Approved Scanning Vendors. For a company to be approved they must first become a legal entity and fulfill all requirements to conduct business. Next, they have to go through a registration process with the PCI SSC that consists of reviewing the ASVs program guide, register for the testing, and provide administrative information and technical details by submitting an attestation of compliance. The application is reviewed by the Council and either accepted or denied for testing.


ASVs often perform an external vulnerability scan of an organization’s network or website from the outside looking inward. In addition to determining if it is PCI compliant, these scans from service providers can provide insight into any data security changes that need to be made.


Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.