PCI DSS Requirements
We can help you check off your PCI DSS checklist.
Are you aware of the newest PCI DSS requirements? The deadline for organizations to adopt PCI DSS 3.2 was February 2, 2018. Are you compliant with the more than 200 line-item requirements? How do you know for certain?
At Redhawk Network Security, we can help you not only achieve PCI compliance but also manage and navigate PCI DSS with confidence, improve your security posture, and reduce your overall risk. We are a PCI DSS QSA Company. This means that we have the technical expertise and regulatory experience to help organizations of any size meet compliance. We can help you identify hazards and risk factors that could cause harm and determine the best course of action to mitigate the risks. We can perform PCI DSS compliance audits and, based on those audits’ outcomes, write PCI DSS Reports on Compliance for merchants and service providers. We can also issue formal Attestations of Compliance for individual clients that summarize relevant Report on Compliance data.
We are here to help you check off your PCI DSS checklist to meet compliance:
- Cardholder data environment (CDE) scoping, design, and validation
- The PCI DSS Self-Assessment Questionnaires (SAQs)
- Reports on Compliance (ROCs)
- Cardholder data-focused risk assessments
- Internal vulnerability scanning and remediation
- Approved Scanning Vendor (ASV) scanning, validations, and attestations of compliance
- Vulnerability Management Program that identifies emerging threats and vulnerabilities and prioritizes patches/remediations and includes:
  - Internal quarterly vulnerability scanning, powered by Nessus
  - External quarterly vulnerability scanning using Nessus Cloud, with quarterly ASV attestation
  - Internal and external vulnerability scanning in conjunction with significant changes
- Penetration Testing against the internet-facing technical attack surface: annual and in conjunction with significant changes
- Internal Penetration Testing against the CDE perimeter: annual and in conjunction with significant changes
- Simplified log retention and analysis provided through SIEM
- Network level segmentation and micro-segmentation of CDE
- CDE Scope reduction and remediation of CDE Scope
- Dedicated PCI QSA to guide your organization through compliance
We are not only well versed in security and assessments, but we know regulated industries inside and out. At Redhawk Network Security, we can help you navigate the road to PCI compliance, every mile of the way.