What does PCI DSS Vulnerability Scans include? Scans conducted by Approved Scanning Vendor (ASV) must have following characteristics: Should be non-disruptive and must not include Denial of Service (DOS) or abundance of buffering that might result in trouble in merchant’s business. discovery element must be included in the scan to search for live systems in the network.
Service discovery element must be present in the scan to include both UDP and TCP port scans on every live system. Scans should be able to account for IDS/IPS systems and load balancers and give an accurate view about the security environment of customer, even with the presence of these devices.