ASV Scanning Services
ASV Scanning is an essential part of the PCI DSS requirements. The ASV Scan must be performed on all systems facing the Internet – amongst them also load balances, mail, DNS and firewalls, also web applications and wireless networks. Note that all entities facing the Internet must be tested if they are in the same DMZ, or if they are not separated physically or absolutely logically.
FortConsult offers ASV scanning to our PCI clients to help them stay compliant with PCI DSS. Although this is a fairly automated, low-cost service, the customer has the ability to confer with FortConsult regarding understanding of the scanning results.
No systems can have vulnerabilities that are rated “high” – in this case the vulnerability must be remediated, and a new test must be done, which verifies that the vulnerability is removed. It is the client's own responsibility that all systems are scanned in accordance to the PCI DSS Standard. Also, it is the customer’s responsibility that there are no technical obstructions, which makes the scan impossible. An ASV Scan must be performed every quarter – and when large changes occur to the technical setup.