Continued PCI ASV Certification and Increased Compliance Efforts

For nine years running, Solutionary has passed the PCI ASV lab test. It's been nine years since we received our first certification – even before PCI was formed and MasterCard used to run the scanning lab under the Site Data Protection (SDP) program.

As PCI forges ahead, we have been busy increasing and expanding our ASV program including a fully PCI-compliant workflow system built into the ActiveGuard® portal. This lets clients manage false positives, undocumented services, special notes and much more. It’s a breeze, seamlessly integrating your interaction with the findings and the Solutionary Operation Center (SOC). No more emails between you and your ASV; no phone calls; no more paying for revalidation scans beyond your “one free quarterly re-assessment”. Your ASV should be your partner in your PCI scanning program, not a “tool” that is a difficult and frustrating to work with.

As of June 30, PCI requirements for PCI 6.2 –Risk Ranking on Vulnerabilities became actual requirements as opposed to “best practices”. The requirement states in part that an organization must “establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities.” The goal is to help ensure that companies manage security and vulnerabilities in a proactive, rather than reactive fashion.

To ensure that clients can manage internal scanning in a PCI compliant fashion,Solutionary has implemented PCI support for internal scanning. PCI scanning - both external and internal - doesn’t have to, and shouldn’t, be a huge drain on your company. Your ASV should have efficient tools and processes that free you up from red tape and headaches. Your ASV should enable your ability to focus on actively managing and actually fixing vulnerabilities while getting you compliant. If they can’t do that, and they end up trying to make this work with their antiquated process, maybe it is time to rethink your ASV!