PCI ASV Services – External Vulnerability Scanning

0Tolerance, as a PCI Qualified Security Assessor (QSA), also offers PCI Approved Scanning Vendor (ASV) services. We provide access to a secure web portal for your ASV External Vulnerability Scanning needs. The portal will allow you to see your scope, any scheduled quarterly or monthly scans, the results of those scans, the ability to kick off rescans, request exceptions, and download all necessary reporting. The reporting available includes the Attestation of Scan Compliance (AoSC), Executive Summary, Detailed Findings, and Remediation Tracker. You can invite additional users to your account, so they can specifically work on remediation efforts and access the remediation tracker.

SAQ Access

If your organization completes an annual Self-Assessment Questionnaire, the SAQ Wizard will help you determine the proper SAQ type to complete based on how payment cards are handled. Just answer quick qualification questions first. This is included with the external scanning.

Internal Vulnerability Scanning

We also include two options. The first is PCI Internal Vulnerability Scanning. We provide a virtual machine to be connected to your internal environment for internal scanning purposes. The internal scan results are available in the same portal, so you do not need to manage multiple panes of glass and system processes for external and internal scanning. Our experienced team will assist in the VM setup; you’re not alone with this.

Dark Web Domain Monitoring

Additionally, we offer dark web domain monitoring. With this monitoring, we crawl the dark web daily or weekly, looking for threat intelligence related to your domain. For example, we’d be looking for intelligence related to yourdomain.com users, forum messages, or other activity. We’ll provide a summary of the findings and details, such as the originating site record (.onion detail).