There are several factors to consider when selecting the appropriate ASV to perform scans for your business. Certain ASVs provide superior scanning services, which in some cases means that they are more adept at reducing the occurrence of false positives.
It can be time consuming and costly to eliminate false positives from a scan. A reputable approved scanning vendor will maintain an ongoing system for tuning scan engines to produce accurate results without slowing down your system.
The appropriate ASV for merchants will meet their requirements. When conducting ASV research, it is critical to consider what each service provider can offer and whether those services are sufficient for your security requirements, such as whether they offer additional managed security services.
It can be beneficial to look into their history and the success rate of their previous scans. Additionally, it can be beneficial to learn about their staff’s experience. Having experience conducting vulnerability scans is critical for receiving the most accurate recommendations regarding your unique and individual network environments.
Because new vulnerabilities are discovered on a regular basis, it is up to each company to decide whether to conduct scans at intervals other than the recommended quarterly intervals. While some ASVs charge for each scan and rescan, others offer free rescans.
It is possible to locate an ASV that offers additional services in addition to exterior vulnerability scanning. Certain companies will provide more comprehensive services that go above and beyond to ensure accurate compliance and comprehensive security.
Finally, it is critical to determine whether an ASV is currently undergoing remediation. If they are in remediation, this indicates that the company does not currently meet all of the ASV Qualification Requirements. The PCI SSC will identify a company that is undergoing remediation by highlighting their company name and email address in red text.
They will be included in the listing alongside all other ASV companies, but only for a limited period of time. They will be removed from the list if they remain in remediation for an extended period of time. PCI SSC recommends contacting a company currently undergoing remediation for additional information on their status.
When hiring a new ASV, it is beneficial to inquire about the company’s experience with remediation, as this can aid in your decision.