The ASV Program Guide includes guidance on which topics?

• A. Marketing guidelines for ASVs.
• B. Hardware procurement guidelines for PCI hardware.
• C. Scan customer responsibilities and scan preparation.
• D. Employee onboarding guidelines for PCI staff.

Answer: (C)

The main focus is on how vulnerability scanning for PCI DSS is conducted, including the responsibilities of the customer and how to prepare for a scan. The ASV Program Guide walks through what the customer must do to get a scan ready—identifying in-scope assets, ensuring scanners can reach systems, configuring network access and firewall rules, providing any required credentials, and what evidence is needed for validation. It emphasizes preparing the environment so scans are accurate, repeatable, and timely, and it describes steps around scheduling and retesting after remediation. Other topics like marketing guidelines, hardware procurement, or internal onboarding aren’t part of the vulnerability scanning process or the PCI DSS assessment framework, so they aren’t covered in the ASV Program Guide.