What is ASV scanning

ASV services are vendor-approved vulnerability scanning services performed in order to conduct vulnerability scans in line with PCI DSS requirements and form part of a comprehensive risk management strategy. 

Payment Card Industry (PCI) Data Security Standard (DSS), requirement 11.2 mandates organisations to:

  • Conduct internal and external network vulnerability scans at least quarterly and after any significant change in the network.
  • Quarterly external scans must be performed by an Approved Scanning Vendor (ASV).

An ASV scan identifies perimeter vulnerabilities in operating systems, applications and services within your CDE environment, which can leave your organisation at risk.

The Challenges of PCI ASV Scan

ASV scans are critical to an organisation’s overall security posture because attackers are increasingly targeting digital assets, including websites and other public-facing portals that often transmit sensitive information. Unfortunately, PCI DSS requires four quarterly passing scans for compliance which can be difficult to achieve. 

The Benefits of PCI ASV Scan

ASV scanning is a part of an overall vulnerability management process. It has become a critical task for IT security teams because of the evolving threats to operating systems and network devices. SecuriCentrix service delivers proven ASV scans by identifying vulnerabilities in perimeter operating systems and applications. 

The consistent and periodic service delivers:

  • Identification of vulnerabilities on perimeter operating systems and applications.
  • Continuous scanning to mitigate risk.
  • Reduces the cost of purchasing and maintaining tools and resources.

We at SecuriCentrix help you

Why Choose Us

SecuriCentrix is a provider of managed security services. Our ASV service helps organisations achieve PCI DSS by identifying weaknesses that could enable card payment details to be compromised by criminal attackers. We use the best tools available, and we provide remediation advice and guidance on failed scans.

Frequently Asked Questions

Three types of vulnerability scans conducted against an environment are internal vulnerability scans, external vulnerability scans and ASV scans. 

Internal vulnerability scans
Internal vulnerability scans are conducted from within an environment by either a qualified internal or external professional using business approved scanning software to identify the vulnerabilities and all the available ports for each system.

External Vulnerability Scan
External vulnerability scans are conducted from the Internet to the target organisation. External scans target external IP addresses in your network, identify vulnerabilities and all the ports that accessible from the Internet.

ASV Scans
ASV Scans are exactly like external vulnerability scans; however, they are performed by a PCI certified Approved Scanning Vendor to validate PCI DSS Compliance.

Yes. Any scanning company with validation from an independent standards council can conduct an ASV scan. 

Our services

SecuriCentrix’s security services are designed to provide the vital assistance needed to make tangible improvements to your organisation’s cyber security posture.


Expert security services and solutions tailored to your needs