PCI DSS ASV Scan Service needs to be performed on all Internet-facing IP addresses and/or domains of merchant of service provider. In some cases, Companies may have a large number of IP addresses available while only using a small number for card acceptance or processing. In these cases, we help merchants and service providers define the appropriate scope of the scan required to comply with the PCI DSS requirements.
Our ASV Solution tests all IT assets and recommends valuable mitigation steps to comply with PCI DSS requirements. Our ASV solution follows below measures:
• Non-disruptive Nature – It provides only tests that do not damage the customers’ systems or data.
• Platform Independence.
All scans are performed by Ingram Micro team using legitimate ASV solutions.
Step 1: Scope Validation:
Customers provide us a list of all Internet-facing IP addresses and/or IP address ranges to be scanned. Ingram Micro team will validate the scope of the target list and conducts network probing to determine which hosts and services are active. Ingram Micro team will perform following activities:
• Ping sweeps, port scans, and route tracing
• Foot printing of networks and systems
• Searches for internet domain name registration
• Searches for internet registry numbers
• Domain name service (DNS) lookups
Step 2: Performing ASV Scan
Ingram Micro team will validate targets within the IP address range listed in scope and initiates ASV Scan. Based on the customer requirement and PCI DSS requirements, scans are performed in scheduled basis.
Step 3: Vulnerabilities & Gap analysis
In gap analysis, Ingram Micro team will learn about the environment and determines vulnerabilities that are present. Some vulnerabilities will be apparent by just using the information learned from the first two steps. However, many vulnerabilities can only be investigated with probe-and-response testing. In this type of test, Ingram Micro team will send data to a service or application and look for a certain response that indicates the presence of a vulnerability.
Step 4: Reporting
After analysis of vulnerabilities and identification of gaps, Ingram Micro team will provide a detailed report of security issues found in the network which lead to non-compliance of PCI DSS requirements. Recommendations are also provided to follow PCI DSS requirements.
Upon completion of the PCI DSS ASV Scan Service, a detailed report will be sent to client, including the following:
Executive Summary: Summary of overall compliance status and compliance details of each vulnerability whether true of false are provided.
Findings: A detailed, technical explanation of the findings of the scan along with recommendation will be given.
Conclusion & Recommendations: This section provides final recommendations and summary of the issues found during the security assessment.
The PCI DSS ASV Scan on about 10 External IT Assets can be completed in two business days.