paint texture

PCI ASV Security Vulnerability Scanning

The process required to identify security vulnerabilities associated with the exterior-facing IP addresses of the CDE on your network.
paint texture
Risk Factory Guarantee Badge

The Risk Factory Guarantee

No questions asked, full refund if you are not 100% happy.
Find Out More
Megaphone paint texture

Factory Fact

The average cost of a security breach for a small company is £115k.
View our resources
Ringing Phone Icon paint texture

Need some help?

Speak to an expert. Contact our “Factory Foreman” and he can answer any questions you may have.

Call us on:
0800 978 8139
Contact Us

get an instant quote

Number of Scans

Number of IPs

Price: £0.00

What is it?

PCI ASV Security Vulnerability Assessment Scanning is the process required to identify security vulnerabilities associated with the exterior-facing Internet Protocol (IP) addresses of the Card Data Environment (CDE) on your network. The process requires the use of a Payment Card Industry (PCI) Approved Scanning Vendor (ASV) technology to identify known security weaknesses such as configuration flaws, excess builds, missing security patches, updates or fixes.

Why should I do it?

You should do it to “see what a hacker sees”. Conducting this scanning will show you any existing Internet-facing weaknesses that could be exploited by hackers to access the systems processing your cardholder data. It should give you a clear picture of the security profile of your systems as seen from the Internet. It is also required to comply with Requirement 11.2.2 of the PCI Data Security Standard (DSS) V3.

How often should I do it?

The PCI DSS requires ASV scanning of the exterior facing IP addresses associated with your CDE quarterly and after any major changes.

What will Risk Factory do?

  • Provide four PCI ASV scans (one each quarter) of the IP addresses associated with your CDE required for compliance.

What will I receive?

  • After each scan you will receive a detailed report of the findings documenting any vulnerability identified and detailing recommendations for mitigating that vulnerability. For a sample report please contact the Risk Factory Foreman.
  • On-call telephonic support from an information security consultant for two weeks after each scan to answer any questions you may have about the report or remedial recommendations.
  • A free rescan two weeks after the original scan to ensure recommended remedial actions were effective in mitigating the vulnerabilities originally identified.
  • A certificate of validation for evidence of compliance.

Do I need to prepare anything in advance?

We just need a list of the internet facing IP addresses associated with your CDE. If you don’t know these IP addresses, don’t panic our Factory Foreman can help you.

Also, don’t forget to specify the exact number (quantity) of ASV scans you’d like to purchase when getting your quote. Our Factory Foreman will call you to schedule each scan purchased. You can for example, purchase multiple scans (for better value) and get them delivered over time when you need them to match your ongoing business requirements.

Please consider updating your browser

This website has been designed using modern web technologies which unfortunately, are not supported by your browser. This means that many parts of the site will not function as intended.