You are here: Additional Resources > PCI ASV Validation

Unofficial PCI ASV Validation Scan

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet facing environments of merchants and service providers.

Tenable Network Security is a PCI Approved Scanning Vendor (ASV), and is certified to validate vulnerability scans of Internet-facing systems for adherence to certain aspects of the PCI Data Security Standards (PCI DSS) and is a validated Approved Scanning Vendor (ASV) solution.

Nessus Professional and Nessus Manager features 2 PCI related scan templates:

Internal PCI Network Scan

This template creates scans that may be used to satisfy internal (PCI DSS 11.2.1) scanning requirements for ongoing vulnerability management programs that satisfy PCI compliance requirements. These scans may be used for ongoing vulnerability management and to perform rescans until passing or clean results are achieved. Credentials can optionally be provided to enumerate missing patches and cilent-side vulnerabilities.

Note: while the PCI DSS requires you to provide evidence of passing or "clean" scans on at least a quarterly basis, you are also required to perform scans after any significant changes to your network (PCI DSS 11.2.3).

Unofficial PCI Quarterly External Scan

The Unofficial PCI Quarterly External Scan template creates a scan that simulates an external scan (PCI DSS 11.2.2) performed by to meet PCI DSS quarterly scanning requirements. Although the results may not be submitted for validation, they may be used to see what "official" results might look like. Users that have external PCI scanning requirements should use this template in, which allows scanning unlimited times before submitting results to Tenable Network Security for validation ( is a validated ASV solution).

For more information on performing and submitting an official PCI Quarterly External Scan, see the User Guide.

Submit Scan Results

Only customers have the option to submit their PCI scan results to Tenable Network Security for PCI ASV validation.

When submitted, scan results are uploaded and the scan results can be reviewed from a PCI DSS perspective.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.