New Requirements of PCI for ASV Scanning Vendors

Question asked by aadityauthappa on Dec 20, 2013

Here are the new qualification requirements for ASV that relate to the integrity controls for the scanning solution. Can you please let me know how Qualys would enable us to comply with the same?

Requirement that the ASV Company has controls to maintain the integrity of their ASV Scan Solution tool(s). ASV Scan Solutions must:

  • Be protected from unauthorized access
  • Adhere to the ASV Company’s change management policy and processes for changes to the ASV Scan Solution
  • Be monitored or able to produce an alert when changes are made
  • Ensure the ASV Company’s systems cannot be used to gain unauthorized access to a Scan Customer’s environment