ASV Program Guide v3.1 (July 2018), 5.5 ASV Scan Scope Definition: For the purpose of ASV scanning, the PCI DSS requires quarterly vulnerability scanning of all externally accessible (Internet-facing) system components owned or utilized by the scan customer that are part of the cardholder data environment (CDE), as well as any externally facing system component…
Category: ASV
ASV, Security Testing, Vulnerability Management
WAFs and ASV scans
by Ed

If by WAF you mean “an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) in front of public-facing web applications, to continually check all traffic”, then we are on the same page! Ryan Barnett wrote about it in 2008 in his Tactical Web Application Security blog. Didier Godart…
4.0, Assessments, ASV, PCI DSS, SAQ A, V3.1, V3.2.1, Vulnerability Management
Does an SAQ-A merchant need ASV scans?
by Ed

UPDATED FOR V4! If a merchant is eligible to complete an SAQ-A to report on the results of their compliance assessment, are they required to engage an ASV (approved scanning vendor) to complete external vulnerability scans? YES! V4 clearly includes PCI DSS requirement 11.3.2! (Note the new V4 numbering) Self-Assessment Questionnaire A and Attestation of…