ASV stands for which type of vendor?

In PCI DSS, the term stands for Approved Scanning Vendor. These are organizations that have been approved by the PCI Security Standards Council to perform external vulnerability scans of merchants’ internet-facing systems. The reason this is the best answer is that PCI DSS requires external vulnerability scans to be conducted by an official ASV, ensuring the scans meet standardized methods and reporting so that evidence of compliance (for requirement 11.2) is reliable and consistent. The other options aren’t recognized terms in this context—for example, there isn’t an Automated Scanning Validator, Accredited Security Validator, or Application Scanning Vehicle in PCI terminology. An ASV specifically provides external vulnerability scanning services and submits scan reports that validate compliance.