ASV Vulnerability Scanning
PCI DSS requires all companies processing card payments to undergo a quarterly external vulnerability scan. SecureConnect® will provide automated quarterly vulnerability scans on the external IP addresses of your network. This test will look for known vulnerabilities and configuration issues that could potentially be exploited by hackers, worms, or viruses.
The scan will identify computer or network vulnerabilities and configuration issues related to routers, firewalls, web servers, application servers, DNS servers, mail servers, virtual hosts, and wireless access points.
Scanning Process
Upon subscribing to this service, SecureConnect® will:
- Automatically obtain the Internet-facing Internet Protocol (IP) addresses at each SecureConnect® location.
- Automatically scan the list of active IP addresses and/or domains quarterly for known vulnerabilities and configuration issues.
- Notify the customer if any exploits or vulnerabilities are detected. Once remediation steps have been taken, perform the PCI ASV vulnerability scan again to verify that the vulnerability has been remedied.
- Provide an executive summary report with a compliance statement.
- Provide a detailed findings report with recommendations.
- Deliver reports securely via the MySecureConnect web portal.
Approved Scanning Vendor
BHI Advanced Internet is a PCI Approved Scanning Vendor (ASV). The ASV qualification is a rigorous process conducted by the Payment Card Industry Security Standards Council (PCI SSC).
The PCI SSC evaluates companies based on several factors, including depth and breadth of expertise, corporate reputation and integrity, internal processes and procedures, and the results of a real-world simulated scanning test. Only the select companies that maintain the ASV certification are allowed to perform the vulnerability scanning necessary for merchants to validate PCI compliance.