Maintain adherence by conducting the mandatory internal and external network vulnerability scans.

Reflare’s strategic alliance with Dot.Bit delivers cost-effective PCI DSS Approved Scanning Vendor (ASV) solutions for your technologies and teams. Our integrated training and scanning offering helps you achieve your compliance requirements.

Reflare Powered by Dot.Bit

PCI Compliant Entities

Organisations subject to PCI DSS compliance must meet requirement 11.2, which states, “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades)”.

In addition, if there are any external networks and systems involved in your PCI landscape, fulfilling PCI DSS requirement 11.2.2 is mandatory: “Perform quarterly external vulnerability scans, via an Approved Scanning Vendor (ASV) approved by the Payment Card Industry Security Standards Council (PCI SSC). Perform rescans as needed, until passing scans are achieved”.


External Scanning

ASVs conduct external vulnerability scanning services. They perform regular scans of an organisation's externally facing IP addresses as part of the PCI DSS requirements.

The scope of ASV scans typically includes all external IP addresses that are part of the cardholder data environment or could potentially impact the security of the cardholder data environment.

This can encompass web servers, email servers, DNS servers, and any other systems accessible from the internet. The goal is to ensure that these systems do not have known vulnerabilities that could be exploited to compromise sensitive payment card information.


Security Assurance

PCI DSS ASV scanning is essential for organisations handling payment card transactions, ensuring cardholder data security by defending against cyber threats to external network interfaces.

Through regular external vulnerability scans, ASVs play a key role in identifying and fixing security vulnerabilities, forming an integral part of a company's cybersecurity strategy to protect against data breaches and maintain trust in the global payment system.


Maintain Compliance

Our team and partners are equipped to serve as an Approved Scanning Vendor (ASV) for your organisation, ensuring that your compliance requirements are met.

With affordable pricing and easy deployment, we serve as a robust first line of defence against common errors and security lapses while aiding in compliance with regulatory requirements.

Beyond regular scanning to identify unaddressed vulnerabilities, our services include schedule management, high-risk vulnerability alerts, and remediation guidance, effectively handling ASV responsibilities to let you concentrate on key business tasks.


PCI DSS Approved Scanning Vendor (ASV) Ongoing Compliance

Process Steps
Requirement Clarification
Help you understand the requirements and how they apply to your environment, and set the scope for assessment.
Gap Analysis
Perform a gap analysis and provide a detailed report on the findings.
Compliance Audit
Undertake the mandatory IT audit required by PCI DSS.
Security Assessments
Perform mandated cyber security assessments such as vulnerability scanning, penetration testing, and ASV scans.
Mitigation Planning
Create a mitigation action plan and provide detailed guidance to address all findings.
Documentation Creation
Create necessary IS documentation, policies, and procedures.
Staff Training
Upskill your developers and administrators to meet compliance requirements.
Control Implementation
Implement technical solutions and security controls.
Compliance Submission
Perform the final orders and submit the Report on Compliance (RoC) and Attestation of Compliance (AoC).
With reasonable pricing and ease of deployment, automatic scans are a great first line of defence against common errors and overlooked security issues. By scanning regularly, you can ensure that your organisation does not leave the proverbial back door open by accident, in addition to meeting your regulatory requirements.