PCI ASV SERVICES
LRQA Nettitude is a PCI Approved Scanning Vendor (PCI ASV).
As part of the security standard, there is a requirement for organisations to undertake quarterly vulnerability assessments of internal and external resources. In addition, organisations are charged with ensuring that their wireless airspace is secure, through carrying out rogue access point detection and wireless scans. Finally, PCI DSS requires that organisations carry out annual external and internal penetration tests that assess the network, the operating system and the applications that are part of the cardholder environment.
Self-service ASV Services
Many clients like the flexibility of being able to conduct ASV scans themselves. Instead of conducting them once per quarter, they may choose to run them daily, weekly or on a more ad-hoc basis.
LRQA Nettitude provides a self-service ASV portal for clients. The secure engine allows clients to schedule scans on-demand. It is powered with the same logic as LRQA Nettitude’s consultancy-led ASV service but has the added flexibility of running scans on more than just once per quarter.
LRQA Nettitude’s self-service ASV portal allows for both infrastructure and web application vulnerability assessments to be conducted in unison. The solution has been fully approved for PCI ASV scanning across all geographies.
Consultancy-led ASV Services
One of the biggest concerns of any automated vulnerability assessment service is false positives. Although LRQA Nettitude is able to provide an automated approach for ASV scanning with an exceedingly high rate of accuracy, many clients prefer a more consultancy-led engagement.
The benefits of consultancy-led ASV engagements are:
- LRQA Nettitude runs the whole test from start to finish
- LRQA Nettitude manually validates all vulnerabilities
- LRQA Nettitude removes any false positives identified in the assessment
- The whole engagement is project managed by a certified ASV consultant
Through this approach, LRQA Nettitude takes the headache out of the ASV process. If we find issues within your internet-facing infrastructure, we will provide guidance over the phone to help remediate the issues. We work as an extension of your security team to help you obtain and maintain PCI compliance.
Get a free quote