The PCI Security Standards Council (PCI SSC) has published a Resource Guide: Vulnerability Scans and Approved Scanning Vendors
What is a Vulnerability Scan?
A process for identifying security weaknesses and flaws in systems and software. New vulnerabilities, security holes, and bugs are being discovered daily. Test your systems regularly to identify weaknesses and address them as soon as possible.
What is an Approved Scanning Vendor (ASV)?
ASVs are qualified by PCI SSC to provide security services and tools (the “ASV scan solution”) for external vulnerability scans. PCI DSS Requirement 11.3.2 requires evidence of passing external vulnerability scans, performed by an ASV, at least once every three months.
SOURCE: PCI SSC website
