PCI Scanning Requirements
0Tolerance is a listed Payment Card Industry (PCI) Qualified Security Assessor (QSA) and can help you understand the PCI Scanning requirements.
PCI Scanning Requirements
PCI External Vulnerability Scanning Requirements
Must be performed by a PCI Approved Scanning Vendor.
Who needs it?
- All Service Providers
- Level 1 Merchants
- Level 2-4 Merchants completing SAQ Types A-EP, B-IP, C, or D.
PCI Internal Vulnerability Scanning Requirements
Who needs it?
- All Service Providers
- Level 1 Merchants
- Level 2-4 Merchants completing SAQ Types C or D.


QSA Services for Merchants and Service Providers
We perform the following engagements
- Level 1 Compliance Assessments (Report on Compliance)
- Level 2 Compliance Assessments (Assisted SAQ)
- Gap, Risk and Readiness Assessments
PCI Penetration Testing
0Tolerance performs penetration testing and segmentation testing for PCI purposes.
- External network and application pen testing
- Internal network pen testing
- Segmentation testing




PCI Approved Scanning Vendor
0Tolerance offers an industry-leading ASV solution that has been customized to our needs for your benefit.
- External vulnerability scans for ASV purposes
- Attestations of Scan Compliance (AoSC) and Seals
- Complete the Self-Assessment Questionnaire(s) Online

