CoalfireOne℠ Scanning Services and Support

The CoalfireOne platform provides the products and services that you need to more easily and efficiently manage your vulnerability scanning requirements. Utilizing our project-enabled scanning, you can quickly configure and manage your needs for internal and external vulnerability scanning, and specific regulatory scanning needs for PCI Authorized Scanning Vendor (ASV) requirements.

Internal and External Scanning

Scale large complex environments

The CoalfireOne scanning platform is robust and can scale to support large enterprise environments up to 1,000,000 internal targets and 100,000 external targets.

Manage your scans as a continuous project

Setup and configure projects to manage all your scanning needs. Scheduling your scans is as easy as creating a meeting in Outlook.

Dashboard and Overview

Our overview dashboard surfaces the most important information, highlighting what to do right away. Our intelligence engine will reduce the arduous task of meeting compliance, helping you discover the most important items to research and remediate to meet your compliant status.

Project level access control

Supports large complex enterprises that need to keep data segmented. Manage various scanning projects and delegate access and control to those individuals with a need to know.

Manage your in-scope assets

Import and setup scanning assets/targets. Quickly add and remove thousands of targets in bulk, see the schedules they are associated with, and get them scheduled in bulk.

View impacts to hosts

View aggregated information for individual hosts and vulnerabilities. Quickly get a view into the size and potential threats by seeing the entire picture.


In addition to everything the Internal and External scanning solutions offer, our ASV scanning solution is your easiest path to compliance. Our new platform is the most comprehensive ASV solution on the market. We can help you organize your ASV program, resulting in running fewer scans and managing fewer disputes, making it less tedious and time-consuming to reach compliance.

Leverage ASV-certified experts

Access to the CoalfireOne Scanning Services team is included with your subscription. Our ASV-certified professionals can help you understand compliance and how you can manage risk. As certified PCI ASVs we are authorized to provide guidance for the PCI scanning requirements, assist in determining scope, and work with you to address remediation or dispute of discovered vulnerabilities.

Submit and manage disputes efficiently

Handling most reoccurring disputes, which typically take days to complete, and manage them in minutes. CoalfireOne helps you focus on the newest findings, by associating formerly disputed findings, and making them accessible for resubmission, keeping your workload small and your quarterly compliance easy to manage.

Manage special hosts and notes

Reduce redundant efforts with documenting special notes, for every scan, to just a few minutes every year.

View vulnerability pass/fail information

Gain the ability to parse through the data according to your desired workflow. Understand what the vulnerability is, why it’s there, and get recommendations on how to fix it.


Generate reports for each of your project-enabled scans, including multiple AOSC’s.

Full-service vulnerability scans

The CoalfireOne Scanning Services Team manages your vulnerability scans using CoalfireOne, allowing unlimited rescans on demand throughout the subscription. We handle everything from setting up your scans, ensuring your scans are complete, analyzing results, submitting disputes, and providing a passing attestation.

The CoalfireOne Scanning Services Team becomes subject matter experts work directly with your organization’s personnel to scan your in-scope environment. The benefits include:

  • Reducing costs - Save your organization the cost of hiring full-time employees.
  • Strengthening team - Reduce the burden and increase staff productivity by refocusing them on priority business.
  • Scheduling regular scans - Simplify PCI compliance by reducing the risk of missing quarterly compliance requirements.

Self-service vulnerability scans

You will self-manage vulnerability scans using CoalfireOne Scans, allowing unlimited rescans on demand throughout the subscription. Access to the CoalfireOne Scanning Services Team is available for support as needed.

Coalfire provides you with access to CoalfireOne Scans, our proprietary and powerful internal, external, and ASV self-service vulnerability scans platform to help you easily identify vulnerabilities. The benefits include:

  • Staying ahead of adversaries - Manage scans from a secure dashboard for a range of organizational IP addresses.
  • Scheduling scans - Scan when needed – on-demand or on a predetermined schedule to meet a deadline.
  • Helping address vulnerabilities - Manage findings, remediation, and disputes online with assistance from PCI-certified ASV assessors, all within the user-friendly CoalfireOne Scans portal.

Scans Newsletter- October 1, 2019

Scans Notification- September 17, 2019

Scans Newsletter - July 1, 2019

Scans Notification - May 9, 2019

Scans Newsletter - April 1, 2019

Scans Notification - March 19, 2019

Scans Notification - March 7, 2019

Scans Notification - February 14, 2019

Scans Newsletter - January 10, 2019

Scans Newsletter - October 4, 2018

Scans Newsletter - April 3, 2018

Scans Newsletter - January 10, 2018

Scans Newsletter - October 2, 2017

Scans Newsletter - July 11, 2017

Scans Notification - June 14, 2017

Scans Newsletter - April 4, 2017

Scans Newsletter - January 10, 2017

Scans Newsletter - October 21, 2016

Scans Newsletter - August 8, 2016

Scans Newsletter - April 18, 2016

Introducing Our New Scanning Platform, CoalfireOne Scans

April 03, 2019, Beck Larson, Director, Coalfire Labs

As you may be aware by now (considering previous blog posts, ongoing walk-through webinars, and our press release), we released Coalfire’s brand new vulnerability scanning platform, CoalfireOne Scans, this morning. All of us here at the CoalfireOne Scanning Services Team are truly excited to see its many improvements around overall user experience, particularly the significantly reduced time spent on dispute cycles and the ability to create custom reporting. The new platform, which provides our PCI Approved Scanning Vendor (ASV) service featuring internal and external scans while enabling easy collaboration and project management, will provide users with smooth navigation, a robust database to ensure fast processing speeds, and scalable IP scanning capabilities. Read more

Update to Microsoft Checks

March 14, 2019, Travis Finn, Consultant, CoalfireOne Scanning Services

Part of the glamorous life of an ASV involves a rigorous Quality Assurance program to ensure that we are the best ASV's we can possibly be. Some of those efforts are not as readily apparent to our clients as others; but on some occasions, we like to share when our work directly benefits those who trust Coalfire to help reduce their risk and simplify compliance. Read more

Enabling Clients to Cope with ASV Scans

February 22, 2019, Marco Brown, Associate, CoalfireOne Scanning Services

Gathering evidence, applying patches, and configuring your systems in preparation for submitting your vulnerability disputes can be a nerve-wracking and daunting task. To better enhance your understanding of the Approved Scanning Vendor (ASV) process, I’ve outlined some coping mechanisms and tools to use. Read more

Scan Interference

January 18, 2019, James Cox, Support Analyst, CoalfireOne Scanning Services, Coalfire

Scan interference is best defined as when traffic from our scanners gets blocked, filtered, dropped, or modified in response to some sort of active protection system not recognizing our traffic. Once our scanners are flagged as an intruder, the client’s environment is no longer accessible, which causes the scan to fail. In order to ensure that reliable scans can be conducted, our scanners must be allowed to perform scanning without this interruption.. Read more

CoalfireOne Special Notes

January 08, 2019, Erica Woods, Associate, Commercial Services, Vulnerability Assessments and Scanning, Coalfire

PCI-DSS can be challenging  to navigate – particularly when it comes to the ASV scanning requirements.  While fulfilling the scanning requirement is easy, obtaining a passing  attestation report may involve more than simply remediating failed findings.  One requirement that we receive many questions about is Special Notes. Read more

Reconciling Quarterly ASV and QSA Scanning Requirements

February 02, 2017, Rebecca Larson, ScanDesk Director, Coalfire

In the compliance realm, the term “quarterly” seems to be a sound and straight-forward term used to provide guidance and to aid entities in adhering to requirements. However, it’s meaning can vary based on its context in relation to dealing with various compliance requirements from your ASV and QSA. Read more

Coalfire is proud to contribute content to Security Weekly, a security podcast network that provides free content about IT security news, vulnerabilities, hacking, and research. View latest podcast below.