Welcome to Tenable PCI ASV

Last updated: February 29, 2024

Credit card industry standards dictate that companies whose networks process payment card transactions must scan those networks for Payment Card Industry Data Security Standards (PCI DSS) compliance at regular intervals. Additionally, these companies must submit their scan results to a third-party Approved Scanning Vendor (ASV) for review.

Tenable PCI ASV allows you to take comprehensive scans of your networks so you can identify and address vulnerabilities and ensure your organization complies with PCI DSS. Tenable is also a licensed ASV reviewer, providing the external scanning and validation that PCI Security Standards require. The Tenable PCI ASV process strictly follows PCI Compliance Guidelines, ensuring that vulnerabilities do not exist for more than 90 days on any networks that involve payment card transactions. This user guide aims to help you navigate the Tenable PCI ASV process from start to finish.

The team is primarily utilized to assess the false positives and compensating controls. The team evaluates disputes via the Tenable PCI ASV Workbench in accordance to the public guide. It's the ASV assessor's responsibility to ensure that the scan customers disputes have appropriate evidence and are defensible when viewed by other stake holders in the PCI process. If needed, assessors ask for further clarification of a dispute.

In-depth consulting is currently not part of the service as the guide relegates such duties to the scan customer's trusted security professional. This ensures that the assessors are performing separate duty and not involved in the design or modification of security controls, where resolution of inconclusive scans involves ASV personnel, the personnel must be ASV Employees qualified by PCI SSC per Section 3.2, "ASV Employee – Skills and Experience" of the ASV Qualification Requirements.