For Internet-facing IP addresses, there are a number of ways to perform a scan on a system. Should PCI compliance be in the roadmap, this becomes a requirement. This is increasingly relevant as PCI DSS 2.0 has been released and becomes effective January 1, 2011.
There are a number of factors that go into getting a PCI scan for an Internet-facing IP address. The first is the requirement that they are performed by an external party that is an Approved Scanning Vendor (ASV). Recently, I gave the QualysGuard PCI service a test drive for performing a scan of a system in my personal lab.