Tenable PCI ASV

STREAMLINE PCI ASC CERTIFICATE

Merchants and associated service providers must accept and/or process credit cards to meet their revenue goals. This requires authorization based in part on passing a quarterly PCI DSS ASV assessment, which is conducted by an approved scanning vendor (ASV).

Tenable ASV, approved by the Payment Card Industry Security Standards Council (PCI SSC), conducts external vulnerability scans of a merchant or supplier’s network. Tenable PCI ASV, an add-on to Tenable Vulnerability Management, streamlines PCI data security compliance verification. With pre-configured scan templates and a streamlined dispute resolution process, you can quickly launch scans, submit attestation requests, and resolve disputes.

Using Tenable Vulnerability Management

Tenable Vulnerability Management delivers multiple applications to solve your toughest security challenges, such as vulnerability management, container security, and web application scanning.

Streamlines PCI ASV Attestation

Helps meet quarterly PCI ASV scanning requirements with minimal impact on staff resources

Increases trust with comprehensive vulnerability scanning

Built on Tenable’s leading Nessus technology, which delivers fast, accurate scanning across the industry’s widest asset and vulnerability coverage

Convenient scanning

Tenable Vulnerability Management includes pre-configured templates for quarterly PCI scans that provide a thorough assessment of the vulnerability of external PCI assets. These templates allow you to scan assets at your organization’s convenience. If necessary, you can easily re-scan failed assets until the results are ready for review.

Effective error removal

If one or more assets were incorrectly included in the scan, you can quickly mark them as “out of scope.” If an asset in scope has medium to high vulnerabilities, an intuitive workflow guides you through the dispute process. Disputes can be assigned to the most qualified individuals to provide the relevant information, provide a reason why the failure should be ignored, and attach documentation as supporting evidence. To further streamline remediation, you can create bulk failure disputes and provide a single reason/supporting evidence covering potentially hundreds of failures. Additionally, you can reuse disputes already submitted and accepted in previous quarters.

Continuous visibility

Once the scan is submitted to Tenable for ASV review, you can view the current status of your validation request. Each dispute is marked as unreviewed, reviewed, passed, failed, and additional information required. If additional information is needed, you will be notified via email. Once all disputes have been approved, your ASV request will be marked as approved.

Full reporting

Once your ASV review is complete, you can export a range of reports, including an executive summary, a detailed report, and an ASV Scan Report Attestation of Scan Compliance, which you can send to your acquirer and/or participating payment brands.