Skip Ribbon Commands
Skip to main content
Home > Services > Audit and Compliance > PCI ASV Scans




A Payment Card Industry (PCI) ASV Scan checks your network for any security vulnerabilities that may impact your organization’s ability to comply with the PCI Data Security Standard (DSS). All vendors and merchants that must abide by PCI compliance regulations are required to perform quarterly Vulnerability Scans of their external PCI network.

The PCI Security Standards Council requires that compliant organizations use an Approved Scanning Vendor (ASV) to conduct scans. SecureState is an Approved Scanning Vendor and is authorized to perform PCI scans on a vendor’s or merchant’s externally facing PCI presence.


  • Meets Requirement 11.2.2 of PCI DSS v2.0
  • Identification of externally facing vulnerabilities
  • Provides insight to overall external security exposure for the organization


SecureState’s Audit & Compliance consultants are experts in understanding both the technical aspects as well as the business aspects of your organization. We are independent of all products; therefore, you can be certain we are using only the leading commercial scanning tools on the market. Our experienced consultants test these tools on a quarterly basis to ensure we are using the best available IT security audit tools on the market.

Did You Know?

  • Your organization must attest to the scope and conduct of all scans
  • A passing scan is required for all external facing systems on a quarterly basis
  • SecureState uses Qualys tools for vulnerability scanning
  • Re-scans are required after failing scans to validate that findings have been fixed
  • PCI requires that scanning be conducted after any significant system and infrastructure changes

Our Approach and Methodology

SecureState offers two packages for ASV Scanning as described below:

Self-Service – Unlimited scanning package:

Provides a portal which gives the customer the ability to run their own ASV scans and submit to SecureState after a passing scan is achieved.

Full-Service – Pre-Scan and Scan package:

SecureState provides a more consultative approach to PCI ASV scans. During this approach, our qualified consultants run the scans on the customer’s behalf and help with remediation of any vulnerability resulting in a failing scan. SecureState consultants work hand-to-hand with their customers to ensure vulnerability remediation and false positive identification and documentation in order to ensure a successful passing scan.


What Makes Us Different


  • Provides comprehensive on-demand security expertise during the engagement and throughout the year
  • Offers two PCI ASV scanning packages which meet the demands of any size organization and personnel expertise
  • Partner with only the best licensed ASV commercial scanning tool vendors

Related Services