Do I Need To Use A PCI SSC Approved Scanning Vendor for Internal Scanning And Penetration Testing?

No. You are not required to use an ASV for items from the PCI DSS outside of item 11.2.2.  With that said, it is a very good idea to work with an Approved Scanning Vendor for internal scanning and penetration testing.  Pen-testing for PCI compliance has a few unique elements that general security consultants may not be familiar with.  It would certainly be an unfortunate surprise to submit what you thought was evidence of compliance for the PCI penetration testing requirement to an auditor or your bank and have them tell you it’s not sufficient.  This would obviously be a huge waste of time, money and other valuable resources.

1 Stop PCI Scan is a division of Backbone Security.  With decades of experience and a customer history ranging from small mom-and-pop style shops to large retail organizations and governmental organizations like the FBI, Backbone is equipped to handle all types of security testing.  Leave your PCI security testing to 1 Stop PCI Scan and Backbone and rest assured it will be done right the first time.