PCI DSS Requirement 11 requires quarterly external network vulnerability scanning be performed by an Approved Scanning Vendor (ASV) approved by the PCI Security Standards Council (PCI SSC). Scans must also be performed after any significant change in the network topology, firewall rule modifications, and/or product upgrades.
BSI Consulting Services is a qualified ASV firm, approved by the PCI Security Standards Council. While our scanning services help to guide our clients toward DSS compliance, we also believe it is a best practice to routinely scan external and internal network devices as part of an ongoing vulnerability management program. Our qualified ASVs are available to provide assistance with scoping and interpretation of scan results. Our goal is to assist our clients to achieve quarterly passing scans and to provide them with their quarterly attestation as required by the Data Security Standard, as well as identify areas that increase risk of exposure to externally available systems.