Submit an Attestation for ASV Review

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

Required User Role: Administrator

Before you begin:

To submit an attestation for ASV review:

  1. In the upper-left corner, click the Menu button.

    The left navigation pane appears.

  2. Click PCI ASV.

    The PCI ASV page appears, displaying a scans table.

  3. In the In Remediation tab, click the attestation you want to submit for ASV review.

    The Attestation Details page appears.

  4. (Optional) To update the name of the attestation, in the General Information tab, in the Name box, type a new name.
  5. (Optional) To update the owner of the attestation, in the General Information tab, in the Owner drop-down box, select the owner you want to assign to the attestation.
  6. Do one of the following:
    • Fix any undisputed failures before submitting the attestation:
      1. On the Undisputed Failures tab, create a dispute for each failure.
      2. Click Submit to ASV Review.
    • Submit the attestation with known failures.

      Note: You may want to submit an attestation with undisputed failures if you need guidance on handling these failures, or if you need to obtain an initial attestation with a list of identified failures.

      Caution: If you submit an attestation that has undisputed failures to ASV for review, the ASV reviewer must fail the attestation.

      1. Click Submit to ASV Review.

        The Submit for ASV Review panel appears.

      2. In the Select the reason for submitting this scan drop-down, select the reason you want to submit the scan with known failures.

      3. In the Comments box, provide any additional information on why you want to submit the scan with known failures.

      4. Click Submit Scan.

    The Attestation Detail page appears.

  7. In the Attestation Agreement section, carefully read the terms of the attestation agreement.
  8. Click Attest.

    An Attestation Successfully Submitted for ASV Review success notification appears, and Tenable.io adds the attestation to the In Review tab.

    After the ASV reviewer completes the review, the attestation appears under the In Review tab. If the attestation passed, a passed icon appears in the row. If the attestation failed, a failed icon appears in the row.

    Note: Once your attestation moves to the In Review or Attestation tab, the attestation is read-only. You cannot make additional changes to the attestation unless an ASV reviewer initiates an information request.

    Tip: After you create your first attestation request, the New Attestation screen automatically populates the above fields with your previously entered information in each subsequent attestation request.

What to do next:

  • After a scan has been submitted for ASV review, it is assigned to an ASV Assessor within 5 business days. Then the initial review of the scan begins.

  • If the ASV reviewer requests additional information about your disputed failures, respond to the requests. For more information, see Respond to an ASV Review Information Request.
  • Tenable advises that you submit an ASV scan 1-2 weeks before any compliance deadlines to ensure there is enough time to complete the review process.