PCI ASV SERVICES
Nettitude is a PCI Approved Scanning Vendor (PCI ASV).
As part of the security standard, there is a requirement for organizations to undertake quarterly vulnerability assessments of internal and external resources. In addition, organizations are charged with ensuring that their wireless airspace is secure, through carrying out rogue access point detection and wireless scans. Finally, PCI DSS requires that organizations carry out annual external and internal penetration tests that assess the network, the operating system and the applications that are part of the cardholder environment.
Self-service ASV Services
Many clients like the flexibility of being able to conduct ASV scans themselves. Instead of conducting them once per quarter, they may choose to run them daily, weekly or on a more ad-hoc basis.
Nettitude provides a self-service ASV portal for clients. The secure engine allows clients to schedule scans on-demand. It is powered with the same logic as Nettitude’s consultancy-led ASV service but has the added flexibility of running scans on more than just once per quarter.
Nettitude’s self-service ASV portal allows for both infrastructure and web application vulnerability assessments to be conducted in unison. The solution has been fully approved for PCI ASV scanning across all geographies.
Consultancy-led ASV Services
One of the biggest concerns of any automated vulnerability assessment service is false positives. Although Nettitude is able to provide an automated approach for ASV scanning with an exceedingly high rate of accuracy, many clients prefer a more consultancy-led engagement.
The benefits of consultancy-led ASV engagements are:
- Nettitude runs the whole test from start to finish
- Nettitude manually validates all vulnerabilities
- Nettitude removes any false positives identified in the assessment
- The whole engagement is project managed by a certified ASV consultant
Through this approach, Nettitude takes the headache out of the ASV process. If we find issues within your internet-facing infrastructure, we will provide guidance over the phone to help remediate the issues. We work as an extension of your security team to help you obtain and maintain PCI compliance.