Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Approved Scanning Vendor (ASV) ™

About the Course

The PCI ASV training program, for staff and security personnel of ASV companies, is comprised of an in-depth eight-hour online course and exam covering the Payment Card Industry (PCI), Payment Card Industry Data Security Standards (PCI DSS) requirements and ASV scan testing procedures. With the knowledge gained in this training, ASV staff will be better equipped to serve their customers in ensuring the quality of scan outputs and providing reports that are complete and accurate.

Course Description

The course curriculum covers:

  • PCI DSS Program Overview
    Outlines the PCI DSS lifecycle, and the 12 requirements of PCI DSS.
  • Payment Industry Terminology and Relationships
    Provides an overview of the payment industry terminology, key service provider relationships and the transaction flows associated with various payment industry processes.
  • Compliance Validation, Requirements and Process
    Outlines merchant and service provider levels, and validation and reporting requirements for merchant levels and service providers for payment brands associated with PCI SSC.
  • Roles and Responsibilities, ASV Overview and Quality Assurance
    Discusses roles and responsibilities, and covers aspects of external vulnerability scanning, such as overview of the scan process, scoping an ASV scan, the ASV scan solution, scan reporting, and quality assurance.
  • General Requirements for Scanning
    Reviews contracting, scope for ASV scans, procedures for scan customers and ASVs, and the characteristics of scan solutions.
  • Scan Reporting
    Examines scan report contents, reading and interpreting reports, vulnerability reporting, and the Common Vulnerability Scoring System or CVSS.
  • Scanning Vendor Testing and Approval Process
    Details the testing and approval process for ASV companies.

The course concludes with an online exam.


Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.