Glossary of Compliance


PCI DSS Approved Scanning Vendor

An ASV is an organization that uses a set of security tools and services (called an “ASV scan solution”) to perform external vulnerability scans. Its goal is to test the security posture of a business environment and identify vulnerabilities, misconfigurations, and other gaps in a security system that could be used to cause a security incident.

This helps organizations improve their data security and meet PCI DSS requirements.

An ASV’s scan solution is rigorously tested and approved by the PCI SSC. Only then does the vendor earn a place on the PCI SSC’s List of Approved Scanning Vendors.

Key stages in PCI ASV scanning:

  • Determine the scope: The customer determines what parts of their internet-facing system, including components related to cardholder data, should be scanned.
  • Scan: The ASV conducts vulnerability scans using its scanning tools. Different sections of the Cardholder Data Environment (CDE) can be scanned separately.
  • Remediation: After scanning, the ASV shares interim results with the customer, who then takes necessary actions to fix any issues.
  • Resolution: If there are disagreements about scan results, the client and ASV work together to resolve them.
  • Rescan (if needed): Additional scans are performed until all conflicts and exceptions are resolved.
  • Final reporting: When no vulnerabilities remain, the ASV generates a PCI ASV-approved scan report and securely delivers it to the customer.
