Approved Scanning Vendor (ASV) ™
About the Course
The PCI ASV training program, for staff and security personnel of ASV companies, is comprised of an in-depth eight-hour online course and exam covering the Payment Card Industry (PCI), Payment Card Industry Data Security Standards (PCI DSS) requirements and ASV scan testing procedures. With the knowledge gained in this training, ASV staff will be better equipped to serve their customers in ensuring the quality of scan outputs and providing reports that are complete and accurate.
The course curriculum covers:
- PCI DSS Program Overview
Outlines the PCI DSS lifecycle, and the 12 requirements of PCI DSS.
- Payment Industry Terminology and Relationships
Provides an overview of the payment industry terminology, key service provider relationships and the transaction flows associated with various payment industry processes.
- Compliance Validation, Requirements and Process
Outlines merchant and service provider levels, and validation and reporting requirements for merchant levels and service providers for payment brands associated with PCI SSC.
- Roles and Responsibilities, ASV Overview and Quality Assurance
Discusses roles and responsibilities, and covers aspects of external vulnerability scanning, such as overview of the scan process, scoping an ASV scan, the ASV scan solution, scan reporting, and quality assurance.
- General Requirements for Scanning
Reviews contracting, scope for ASV scans, procedures for scan customers and ASVs, and the characteristics of scan solutions.
- Scan Reporting
Examines scan report contents, reading and interpreting reports, vulnerability reporting, and the Common Vulnerability Scoring System or CVSS.
- Scanning Vendor Testing and Approval Process
Details the testing and approval process for ASV companies.
The course concludes with an online exam.