Unofficial PCI ASV Validation Scan

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain Data Security Standards (DSS) requirements by performing vulnerability scans of internet facing environments of merchants and service providers.

Tenable, Inc. is a Payment Card Industry (PCI) ASV, and is certified to validate vulnerability scans of internet-facing systems for adherence to certain aspects of the PCI DSS and is a validated ASV solution.

Nessus Professional and Nessus Manager features two PCI-related scan templates: Internal PCI Network Scan and Unofficial PCI Quarterly External Scan.


Internal PCI Network Scan

This template creates scans that may be used to satisfy internal (PCI DSS 11.2.1) scanning requirements for ongoing vulnerability management programs that satisfy PCI compliance requirements. These scans may be used for ongoing vulnerability management and to perform rescans until passing or clean results are achieved. Credentials can optionally be provided to enumerate missing patches and cilent-side vulnerabilities.

Note: While the PCI DSS requires you to provide evidence of passing or "clean" scans on at least a quarterly basis, you are also required to perform scans after any significant changes to your network (PCI DSS 11.2.3).

Unofficial PCI Quarterly External Scan

The Unofficial PCI Quarterly External Scan template creates a scan that simulates an external scan (PCI DSS 11.2.2) performed by to meet PCI DSS quarterly scanning requirements. Although the results may not be submitted for validation, they may be used to see what official results might look like. Users that have external PCI scanning requirements should use this template in, which allows scanning unlimited times before submitting results to Tenable, Inc. for validation ( is a validated ASV solution).

For more information on performing and submitting an official PCI Quarterly External Scan, see the User Guide.

Submit Scan Results

Only customers have the option to submit their PCI scan results to Tenable, Inc. for PCI ASV validation.

When submitted, scan results are uploaded and the scan results can be reviewed from a PCI DSS perspective.