- "SMB에게도 AI가 필수··· IT 예산 할당 증가" IDC
- Why 1Password's new location feature is so handy - and how to try it for free
- HPE cuts 2,500 jobs, expects Juniper buy to close year-end ’25, faces tariff issues
- The Must-Have Skill Every Network Engineer Needs
- The free iPhone 16e deal at Visible is still available. Here's how to claim yours
Resource Guide: Vulnerability Scans and Approved Scanning Vendors
The PCI Data Security Standard (PCI DSS) has long included requirements for external vulnerability scans conducted by PCI Approved Scanning Vendors (ASVs), and these requirements have also been included in prior versions of some Self-Assessment Questionnaires (SAQs). For PCI DSS v4.x, requirements for external vulnerability scans performed by an ASV were added to SAQ A to help address common breaches that are targeting SAQ A merchant environments at alarming rates.
This new resource guide is intended for anyone with questions about ASV scans, with a focus on SAQ A merchants since they are completing PCI DSS Requirement 11.3.2 for the first time.
ASV scan requirements in SAQ A apply only to an e-commerce merchant system(s) that hosts the webpage that either 1) redirects payment transactions to a PCI DSS compliant third-party service provider (TPSP) or 2) includes an embedded payment page/form from a PCI DSS compliant TPSP. The intent is for merchants to minimize the risk of compromise by scanning for and resolving identified vulnerabilities that could potentially expose their link to the TPSP’s payment page.
In this resource guide, the PCI Security Standards Council shares key considerations, educational resources, and frequently asked questions to help better understand PCI DSS Requirement 11.3.2, which requires evidence of passing external scans, performed by an ASV, at least once every three months.
