Many Approved Scanning Vendors (ASVs) have become automated and remote, with confusing support channels. Experience shows that a solid relationship with a proactive PCI ASV is critical to passing and maintaining PCI compliance.
Consultancy-led PCI ASV service
Elements of the PCI DSS requires that you perform quarterly external vulnerability scans via an Approved Scanning Vendor. Each of our post scan reports is reviewed by an ASV engineer, false positives removed, and you have direct access to technical expertise for remediation advice. We confirm that you’re free of vulnerabilities rated 4 or higher on the CVSSv2 scale and that compensating controls have been applied to mitigate vulnerabilities which cannot be remediated.
Our ASV Scanning process follows best practice and strict guidelines
It’s crucial to obtain a compliant scan. We provide the right guidance to ensure this is correct.
We’re validated by the PCI SCC (Security Standards Council).
Interim reports are presented, should a scan not pass first time.
Technical expertise ensures any disputes are validated.
Rescans are available until you arrive at a passing scan over a 30 day period. We’ll help you understand the results.
Post scan we send a report confirming you’re free of known vulnerabilities above CVSS 4.0 and above (excluding Denial of Service vulnerabilities) and that compensating controls have been applied.
Why use Claranet Cyber Security for PCI scanning?
Maximum quality. Low cost.
Our engineers use a combination of manual and automated techniques to maximise the quality of your service, while being competitively priced per IP address per quarter.
Engagements are fulfilled by qualified, highly skilled, and experienced security engineers.
We help customers by providing advice on recommended scope, based on current network architecture. We prioritise the solution, mitigate issues, and apply corrective actions in line with PCI DSS.
Assistance and advice will be provided to scan customers. We advise on the recommended scope, based on current network architecture and prioritise the solution, mitigate issues, and apply corrective actions in line with the PCI DSS.