Resource Guide: Vulnerability Scans and Approved Scanning Vendors
The PCI Data Security Standard (PCI DSS) has long included requirements for external vulnerability scans conducted by PCI Approved Scanning Vendors (ASVs), and these requirements have also been included in prior versions of some Self-Assessment Questionnaires (SAQs). For PCI DSS v4.x, requirements for external vulnerability scans performed by an ASV were added to SAQ A to help address common breaches that are targeting SAQ A merchant environments at alarming rates.
This new resource guide is intended for anyone with questions about ASV scans, with a focus on SAQ A merchants since they are completing PCI DSS Requirement 11.3.2 for the first time.
ASV scan requirements in SAQ A apply only to the e-commerce merchant system(s) hosting the webpage that either 1) redirects payment transactions to a PCI DSS compliant third-party service provider (TPSP) or 2) includes an embedded payment page/form from a PCI DSS compliant TPSP. The intent is for merchants to minimize the risk of compromise by scanning for and resolving identified vulnerabilities that could potentially expose their link to the TPSP’s payment page.
In this resource guide, the PCI Security Standards Council shares key considerations, educational resources, and frequently asked questions to help readers better understand PCI DSS Requirement 11.3.2, which requires evidence of passing external scans, performed by an ASV, at least once every three months.