TOC & Recently Viewed

Recently Viewed Topics

Get Started with PCI ASV

Using the proper PCI scan template, customers may need to scan their relevant IPs and/or Web Applications multiple times. Because clean scans are unlikely, users can remediate and rescan to achieve the cleanest scan possible. Users can select multiple scans at a time to submit for attestation.

Best practices for scans are as follows:

  1. Determine what data needs to be scanned in your cardholder data environment (CDE).
  2. Create a scan using one of the following PCI scan templates.
    • To create a Nessus PCI ASV scan, use the PCI Quarterly External Scan template.
    • To create a Web Application Scanning PCI ASV scan, use the PCI WAS Scan template.
  3. Launch the scan.
  4. Submit the scan for PCI validation.
  5. Submit an Attestation for ASV Review.
  6. If necessary, Create a Dispute for any failures.
  7. Finalize the submission for ASV review.

See the ASV Review section for more information about reviews and disputes.

Note: Because the nature of a PCI Quarterly External scan is more paranoid and may lead to false positives, the scan data is not included in the aggregate data. This is by design.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.