Recently Viewed Topics
Get Started with PCI ASV
Using the proper PCI scan template, customers may need to scan their relevant IPs and/or Web Applications multiple times. Because clean scans are unlikely, users can remediate and rescan to achieve the cleanest scan possible. Users can select multiple scans at a time to submit for attestation.
Best practices for scans are as follows:
- Determine what data needs to be scanned in your cardholder data environment (CDE).
- Create a scan using one of the following PCI scan templates.
- To create a Nessus PCI ASV scan, use the PCI Quarterly External Scan template.
- To create a Web Application Scanning PCI ASV scan, use the PCI WAS Scan template.
- Launch the scan.
- Submit the scan for PCI validation.
- Submit an Attestation for ASV Review.
- If necessary, Create a Dispute for any failures.
- Finalize the submission for ASV review.
See the ASV Review section for more information about reviews and disputes.
Note: Because the nature of a PCI Quarterly External scan is more paranoid and may lead to false positives, the scan data is not included in the aggregate Tenable.io data. This is by design.