CoalfireOne℠ - Scans Newsletter

April 2017 | Volume 6

PCI ASV 3.0 Program Guide

On June 1, 2017, the ASV 3.0 Program Guide will be updated to align with PCI DSS v3.2 and other PCI DSS program documents and provide clarification in response to feedback from ASV, merchant/service provider and acquirer communities.

Coalfire recommends that ASV customers review the ASV 3.0 Program Guide for the upcoming changes and how they will affect future PCI ASV processes.

Major changes include:

  • Increased scan-report retention period from two years to three years to align with the ASV Qualification Requirements evidence retention period.
  • Applicable Special Notes must now be filled in before a passing scan report is issued. Scans that return "Special Notes" are marked as a fail until the client submits Special Notes and an ASV reviews them. Detailed information and processes around Special Notes will be provided in the near future!

Multi-Factor Authentication

CoalfireOne now allows for the option of enabling two-factor authentication on a user-by-user basis. Coalfire strongly encourages the use of multi-factor authentication as a security measure.

To learn more about CoalfireOne's multi-factor authentication process, click here.

Memorize Your Passwords!

While adhering to proper security policies and procedures, please remember your CoalfireOne account passwords. 

CoalfireOne is no longer allowing passwords to auto-fill. This means you are required to enter your password each time you log into CoalfireOne.

Have a question about CoalfireOne?

The ScanDesk is ready to help. M-F: 6 AM-6 PM MT
650-597-4510



Friendly Reminders

Scan at least Monthly

  • Vulnerabilities are discovered every day. Coalfire recommends that you run automatic scans at least monthly, so you’ll always have the current vulnerability information for your hosts. This also allows those who complete ASV scans to identify vulnerabilities on hosts sooner, allowing for time to remediate before the end of the 90-day period.

Removal of SSL and early TLS

  • “SSL and early TLS have been removed as an example of strong cryptography in the PCI DSS. These protocols will no longer protect cardholder data – and can no longer be used as a security control after June 30, 2016 or June 20, 2018 for Merchants.” – PCI Council.
  • Even though the migration deadline for early TLS is June 20, 2018, a mitigation and migration plan is required to be in place now. As your ASV, Coalfire will not approve a dispute unless a migration and mitigation plan has been attested to.

CoalfireOne standard maintenance windows:

Every other Monday
4-6:30 PM PT

Every Thursday
12-3 PM PT