Approved Scanning Vendor (ASV)
Definition
An organisation qualified by the PCI Security Standards Council to conduct external vulnerability scans of cardholder data environments. PCI-DSS requirement 11.3.2 mandates that external scans be performed by an ASV. The ASV designation is the compliance framework's assurance that the scanner is competent and independent.
Related terms
- Audit evidence: Any information the auditor uses to draw conclusions about a control. To be acceptable, audit evidence must be sufficient (enough of it),...
- CVSS (Common Vulnerability Scoring System): An open standard maintained by FIRST (Forum of Incident Response and Security Teams) that assigns a numeric score from 0 to 10...
- Remediation prioritisation: The process of ordering vulnerability remediation by risk. Factors include CVSS base score, asset criticality, threat intelligence about active exploitation, and compensating...
- Risk acceptance: A formal decision by an authorised senior manager to tolerate a finding without full remediation, typically because the cost of remediation exceeds...
- Vulnerability assessment: A systematic process of identifying, classifying, and prioritising security weaknesses in systems, software, and infrastructure. Produces a list of findings with severity...
Explained in
- Vulnerability Assessment as Audit Evidence