ControlScan has been a PCI Approved Scanning Vendor (ASV) since 2007. With their scanning program, our merchants quickly and easily meet PCI DSS requirement 11.2, which specifies that external vulnerability scans must be conducted at least once every three months. Our program allows merchants to:
- Scan their perimeter to check for cross-site scripting, SQL injection, remote file inclusion and many other application and network-based vulnerabilities;
- Determine where issues are occurring and understand next steps;
- Schedule scan timeframes, and modify them, with complete flexibility;
- Include artifacts and statements that support remediation efforts; and
- Send vulnerability information to third parties, such as a hosting provider, so they can assist with compliance efforts.
ControlScan’s PCI External Vulnerability Scanning is a cloud-based service, so there's no hardware or software to install and maintain. Their user-friendly scanning solution gives our merchants complete visibility and control:
- Anywhere Anytime Scanning: Responsive design for easy viewing and interaction from any device—including mobile.
- Multi-Target Scanning: Both IP addresses and domain URLs can be managed and monitored simultaneously.
- Multi-Location Scanning: This capability empowers businesses with multiple locations, such as company-owned store chains and franchise businesses, to administer and manage PCI external vulnerability scans across separate locations with independent cardholder data environments.
Merchants enrolled in our program also enjoy access to Security Awareness Training, to assist them with complying with requirement 12.6, and the PCI Policy Builder, to ensure compliance with requirement 12.1.