Open Mobile Menu

Compliance / Privacy

ASV Services

PCI DSS Requirement 11 requires quarterly external network vulnerability scanning be performed by an Approved Scanning Vendor (ASV) approved by the PCI Security Standards Council (PCI SSC).  Scans must also be performed after any significant change in the network topology, firewall rule modifications, and/or product upgrades.   

AppSec Consulting is a qualified ASV firm, approved by the PCI Security Standards Council. While our scanning services help to guide our clients toward DSS compliance, we also believe it is a best practice to routinely scan external and internal network devices as part of an ongoing vulnerability management program. Our qualified ASVs are available to provide assistance with scoping and interpretation of scan results.  Our goal is to assist our clients to achieve quarterly passing scans and to provide them with their quarterly attestation as required by the Data Security Standard, as well as identify areas that increase risk of exposure to externally available systems    

Why Choose AppSec Consulting?

  • Expert Assistance.  Our expert staff can assist your organization with scoping and provide guidance through the entire validation process.
  • Flexibility. Scan your network as frequently as you would like.  Schedule regular scans and/or choose to scan on demand.  Choose self-service or managed services.
  • Achieve Compliance. AppSec Consulting will support ASV scanning activities and provide an Attestation of Compliance (AOC) upon completion of a passing scan.

Our Approach

  • Identify all Network devices in scope for vulnerability scanning
  • Coordinate and schedule scanning activities
  • Review scan results
  • Remediation consulting and retesting (if necessary)
  • Provide attestation for passing scans

What You Get

  • Accurate Testing – automated and manual testing to identify known vulnerabilities
  • Executive Summary and Detailed Technical Reports – reports including Executive Summary information and technical details
  • Attestation of Compliance – for submission to acquirers, processors, gateways and other PCI stakeholders