SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Schellman is Now a Payment Card Industry Approved Scanning Vendor

News | Payment Card Assessments

 

Schellman is pleased to announce that it is now a Payment Card Industry (PCI) Approved Scanning Vendor (ASV) and can conduct external vulnerability scanning services to validate adherence with the external scanning requirements of the PCI Data Security Standards (DSS).

Schellman has delivered vulnerability scanning and penetration testing services since 2014 and has assisted many clients with their security and compliance requirements around operating system, database, and application scanning, as well as continuous monitoring.  Becoming an ASV expands the breadth of compliance programs that Schellman can assist with.

Schellman has been involved with the PCI programs since 2007, originally being one of the first CPA firms to become a Qualified Security Assessor (QSA).  Since this time, Schellman has become one of the few firms accredited as a QSA for all global regions as well as an assessor in other PCI programs including PA-DSS, P2PE, PIN, 3DS, and most recently the Secure Software Framework (SSF).

“The ASV program has been in place for some time with a variety of technology vendors in the space.  Recently however, our clients have started looking at scanning more holistically as part of a continuous monitoring and compliance strategy whether for PCI, federal cybersecurity like FedRAMP, or other initiatives” said Matt Wilgus, Principal at Schellman.  “For that reason, Schellman decided to add ASV to our suite of services to provide more comprehensive solutions to our clients around threat and vulnerability management.  Additionally, Schellman’s approach to delivering ASV services is unique in that it will be more hands-on and interactive compared to many existing solutions, which are frequently self-service.  Client organizations have told us that the effort and resources required to maintain the program far outweigh the perceived savings in an automated or semi-automated model.”

For more information or to schedule a consultation on ASV scanning, please visit our website at https://www.schellman.com/services/pci-compliance

About MATT WILGUS

Matt Wilgus is a Principal at Schellman, where he heads the delivery of Schellman’s penetration testing services related to FedRAMP and PCI assessments, as well as other regulatory and compliance programs. Matt has over 20 years’ experience in information security, with a focus on identifying, exploiting and remediating vulnerabilities. In addition, he has vast experience enhancing client security programs while effectively meeting compliance requirements. Matt has a strong background in network and application penetration testing, although over the past 10 years most of his focus has been on the application side, with extensive experience testing some of the most well-known IaaS, PaaS and SaaS providers.