PCI DSS § 11.2
requires internal and external vulnerability scans at least quarterly and after any significant changes. The external scans must be done by a PCI Approved Scanning Vendor (ASV).
TECH LOCK is a PCI ASV - click here
to schedule your quarterly vulnerability scan!
NIST SP800-53 § RA-5
requires scans to be conducted on a regular basis, and when new potential vulnerabilities are identified.
ISO 27002 § 12.6.1
requires that vulnerabilities be identified on a timely basis, and § 15.2.2
requires technical compliance checking.