For each target in your account, we offer three scan policies designed to give you flexibility. You can manage scan policies per target by going to the target settings page, or in bulk on the Targets -> List page.
Light (default) - This non-invasive scan policy includes Firewall Scanning, Technology Scanning, and Website Scanning. It is perfect for third-party managed assets and platform-hosted websites where server vulnerabilities are out of scope.
Standard - This scan policy includes all scans in Light, plus server vulnerability scanning to identify common vulnerabilities and exposures (CVEs).
Compliance - This scan policy includes all scans in the Standard policy with extra checks for PCI ASV compliance. This scan policy is required for all targets you want to use in generating ASV reports.
The Compliance scan policy is only available if you have the Compliance Reporting add-on.