TOC & Recently Viewed

Recently Viewed Topics

Unofficial PCI ASV Validation Scan

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of internet facing environments of merchants and service providers.

Tenable, Inc. is a PCI Approved Scanning Vendor (ASV), and is certified to validate vulnerability scans of internet-facing systems for adherence to certain aspects of the PCI Data Security Standards (PCI DSS) and Tenable.io is a validated Approved Scanning Vendor (ASV) solution.

Nessus Professional and Nessus Manager features 2 PCI related scan templates:

Internal PCI Network Scan

This template creates scans that may be used to satisfy internal (PCI DSS 11.2.1) scanning requirements for ongoing vulnerability management programs that satisfy PCI compliance requirements. These scans may be used for ongoing vulnerability management and to perform rescans until passing or clean results are achieved. Credentials can optionally be provided to enumerate missing patches and cilent-side vulnerabilities.

Note: while the PCI DSS requires you to provide evidence of passing or "clean" scans on at least a quarterly basis, you are also required to perform scans after any significant changes to your network (PCI DSS 11.2.3).

Unofficial PCI Quarterly External Scan

The Unofficial PCI Quarterly External Scan template creates a scan that simulates an external scan (PCI DSS 11.2.2) performed by Tenable.io to meet PCI DSS quarterly scanning requirements. Although the results may not be submitted for validation, they may be used to see what "official" Tenable.io results might look like. Users that have external PCI scanning requirements should use this template in Tenable.io, which allows scanning unlimited times before submitting results to Tenable, Inc. for validation (Tenable.io is a validated ASV solution).

For more information on performing and submitting an official PCI Quarterly External Scan, see the Tenable.io User Guide.

Submit Scan Results

Only Tenable.io customers have the option to submit their PCI scan results to Tenable, Inc. for PCI ASV validation.

When submitted, scan results are uploaded and the scan results can be reviewed from a PCI DSS perspective.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.