PCI ASV Services

Approval by the PCI Security Standards Council (PCI SSC) allows organizations to perform vulnerability scans of merchants and service providers with Internet-facing environments under the PCI Data Security Standard (DSS).


An Approved Scanning Vendor (ASV) is an organization with a set of security tools and services (its scan solution) that performs external vulnerability scanning services to certify compliance with the external scanning mandates of PCI DSS Requirement 11.2.2. Before an ASV is added to PCI SSC’s List of Approved Scanning Vendors, the scanning vendor’s ASV scan solution undergoes testing and approval by PCI SSC.


  • UL’s laboratory in California (formerly known as Infogard) is one of only two laboratories in the world chosen by the Payment Card Industry Security Standards Council (PCI SSC) to validate the capabilities and performance of PCI ASVs. 
  • To support the validation process, UL has established a test infrastructure comprising a network of multiple targets with vulnerabilities that can be detected by deploying network vulnerability scanning methodologies.

Services Include

PCI ASV Validation

Candidate ASVs first perform a scan of the test infrastructure, and then submit a detailed report to UL for an assessment of the infrastructure's performance based on PCI requirements. Assessments are submitted to the PCI SSC, which determines whether to grant Approved Scanning Vendor status. The PCI SSC has sole ASV approval authority.