Payment Card Industry (PCI)

Ensure you are protecting the cardholder data you are entrusted with.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.

To meet the requirements of a PCI DSS certified auditor, all material delivered to the auditor follows the guidance specified in PCI DSS Penetration Testing Guidance.

PCI DSS requirements 11.2.1 and 11.2.2 state that internal and external network vulnerability scans must be performed at least quarterly and after any significant change to the environment. The control also requires rescans to be performed until all “high risk” vulnerabilities are resolved in accordance with the entity’s vulnerability management program.

PCI DSS requirements 11.3.1 and 11.3.2 state that penetration testing must be performed at least annually and after any significant infrastructure or application upgrades or modifications. The control also requires exploitable vulnerabilities to be corrected and verified in accordance with the entity’s vulnerability management program.

PCI DSS requirement 11.3.4 requires segmentation testing to be performed to verify that segmentation methods are operational and effective, and that they isolate out-of-scope systems from the cardholder data environment (CDE).

How Continuous Assessments Help You

Continuous Compliance

Helps maintain and provide records of performance past the QSA assessment

Consistent Resourcing

A dedicated resource consistently performs assessment activities

Fixed Fee

Subscription model allows budgeting the project from the start of the cycle

Why Furtim

Continuous testing provides ongoing assurance that security controls are aligned with organizational risk tolerance. It also provides the information needed to respond to risk in a timely manner should observations indicate that the security controls are inadequate.

