Carson & SAINT ASV

SAINT ASV (Approved Scanning Vendor) is a PCI DSS compliance scanning service offered by Carson & SAINT. It is designed to help businesses that handle payment card data meet PCI DSS requirements, specifically Requirement 11.2.2, through certified external and internal vulnerability scanning. The service follows a structured scanning workflow: - Device Discovery: Identifies all network-connected devices using Ping and SYN Scan methods. - Service Enumeration: Maps running services on discovered devices, including TCP ports, UDP ports, and web services. - Vulnerability Assessment: Scans for configuration issues, missing patches, and dangerous services. - Validation: Reviews scan results to eliminate false positives, with manual verification and rescanning where needed. - Reporting: Generates an attested network vulnerability report suitable for PCI DSS compliance submission. Scans are managed through a web-based portal where users can initiate scans, monitor vulnerabilities in real time, view reports, and track remediation progress. The service supports a range of target sizes, from a single host to hundreds of targets, and allows unlimited scans. In addition to scanning, SAINT ASV provides dispute assistance if a scan fails, helping organizations work through the dispute and resolution process. The service also covers penetration testing and compliance verification as part of its broader offering. Carson & SAINT holds certified ASV status, meaning its scanning tools and processes meet the standards set by the PCI Security Standards Council for conducting quarterly PCI DSS scans.