According to the PCI Security Standards Council Prioritized Approach document, the Prioritized Approach provides a roadmap of compliance activities based on the risk associated with storing, processing, and transmitting cardholder data. Approved vendors, such as approved scanning vendors (ASV) for vulnerability scanning, must be used and are sometimes included in the requirements.