I have worked in the network / systems security industry for a number of years and have recently the last couple of years been helping companies meet requirements for PCI. I have been thinking about it for some time and have decided to possibly consider starting my own ASV service but I was wondering what the requirements actually are to be considered ASV? Are other services running truly custom scanning apps for let’s say Quarterly scans or are they just using particular vendors customized for their sites? I apologize if this question has been asked before but I have searched the web and this forum for quite awhile and still have found no real answer to this question. Any links to PCI related documentation would also be appreciated.

Thanks!

Gary

https://www.pcisecuritystandards.org/qsa_asv/become_asv.shtml