Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary Β» PCI DSS Β» PCI DSS Approved Scanning Vendor

PCI DSS Approved Scanning Vendor

An ASV is an organization that uses a set of security tools and services (called “ASV scan solution”) to perform external vulnerability scans. Their goal is to test the security posture of a business environment and identify vulnerabilities, misconfigurations, and other gaps in a security system that can be used to cause a security incident. 

This helps organizations improve their data security and meet PCI DSS requirements.

An ASV’s scan solution is rigorously tested and approved by the PCI SSC. Only then do they earn a spot on the PCI SSC’s List of Approved Scanning Vendors.

Key stages in PCI ASV scanning:

  • Determine the scope: The customer determines what parts of their internet-facing system, including components related to cardholder data, should be scanned.
  • Scan: The ASV conducts vulnerability scans using its scanning tools. Different sections of the Cardholder Data Environment (CDE) can be scanned separately.
  • Remediation: After scanning, the ASV shares interim results with the customer, who then takes necessary actions to fix any issues.
  • Resolution: If there are disagreements about scan results, the client and ASV work together to resolve them.
  • Rescan (if needed): Additional scans are performed until all conflicts and exceptions are resolved.
  • Final reporting: When no vulnerabilities remain, the ASV generates a report approved by PCI ASV and securely delivers it to the customer.

Additional reading

What includes in the Scope of GDPR ?

The General Data Protection Regulation (GDPR) aims to protect the privacy and rights of data subjects (individuals) in the European Union by regulating data processing activities conducted by businesses. Controllers or Processors outside the European Union often doubt whether they are required to comply, given that they do not have offices operating in the EU…

What is HIPAA Compliant Cloud Storage Providers

Your cloud service provider is HIPAA compliant. But that doesn’t mean you are too!  As a Covered Entity or a Business Associate who uses a HIPAA-compliant cloud to create, receive, maintain, and send protected health information (PHI), your compliance efforts don’t and mustn’t end there. While using a compliant cloud service provider is a must,…

Top 10 Vulnerability Management Tools

With remote work and international teams becoming the new normal post-COVID, it’s hard to keep up with all your network devices, access points, or even software updates for your devices. Not having track of all these could easily make your network vulnerable to data breaches, cyber-attacks, and information loss. That’s why having a vulnerability management…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales