
VM-05 Approved Scanning Vendor

>Control Description

At least quarterly, Organization engages an Approved Scanning Vendor (ASV) to conduct external vulnerability scans.

Theme

Process

Type

Detective

Policy/Standard

Vulnerability Management Policy

>Implementation Guidance

1. Ensure a process has been defined and documented to conduct ASV scans for PCI environments every 90 days.
2. Ensure all findings are remediated and re-scanning is done to maintain compliance.

>Testing Procedure

1. Inspect and validate whether a process has been defined and documented to conduct ASV scans for PCI environments every 90 days.
2. Validate for a sample quarter that, if applicable, all findings were remediated and a re-scan was done to maintain compliance.

>Audit Artifacts

E-VM-01
E-VM-07

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
