thePCI Portal

Category: Vulnerability Management

Does an SAQ-A merchant need ASV scans?

If a merchant is eligible to complete a SAQ-A to report on the results of their compliance assessment, are they required to engage an ASV (approved scanning vendor) to complete external vulnerability scans? The Merchant must always comply with their Acquirer’s direction. V3.1 of the SAQ A does not include requirement 11.2.2  Only SAQ A-EP,…