ASV responsibilities

The responsibilities of an ASV

  • Performing external vulnerabilty scans in accordance with PCI DDS requirement 11.2.
  • Maintaining security and integrity of systems and tools that are used to perform scans
  • Making reasonable effort to ensure scans:
    • Do not impact the normal operation of the customer environment
    • Do not penetrate or intentionally alter the custom environment
  • Scanning all IP ranges and domains provided by customer to identify active IP adresses and services
  • Consulting with the customer to determine if IP addresses found, but not provided by the customer, should be included
  • Providing a determination as to whether the customer’s components have met the scanning requirement
  • Providing adequate documentation within the scan report to demonstrate the compliance or non-compliance of the customer’s components with the the scanning requirements
  • Submitting the ASV Scan Report Attestation of Scan Compliance in accordance with the acquirer of payment brand instructions
  • Retaining scan reports and related work products for two years
  • Providing the customer with a means for disputing findings in the scan report
  • Maintaining an internal quality asssurance process for ASV

Do you want to know more about ASV responsibilities?

Or do you want information about something else? Contact us below and we will contact you shortly!


  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100
  • info@24solutions.com