PCI DSS Requirements

We can help you check off your PCI DSS checklist.

Are you aware of the newest PCI DSS requirements? The deadline for organizations to adopt PCI DSS 3.2 was February 2, 2018. Are you compliant with the more than 200 line-item requirements? How do you know for certain?

At STN, we can help you not only achieve PCI compliance but also manage and navigate PCI DSS with confidence, improve your security posture, and reduce your overall risk. We are a PCI DSS QSA Company. This means that we have the technical expertise and regulatory experience to help organizations of any size meet compliance. We can help you identify hazards and risk factors that could cause harm and determine the best course of action to mitigate the risks. We can perform PCI DSS compliance audits and, based on those audits' outcomes, write PCI DSS Reports on Compliance for merchants and service providers. We can also issue formal Attestations of Compliance for individual clients that summarize relevant Report on Compliance data.

We are here to help you check off your PCI DSS checklist to meet compliance:
1  Cardholder data environment (CDE) scoping, design, and validation
2  The PCI DSS Self-Assessment Questionnaires (SAQs)
3  Reports on Compliance (ROCs)
4  Cardholder data-focused risk assessments
5  Internal vulnerability scanning and remediation
6  Approved Scanning Vendor (ASV) scanning, validations, and attestations of compliance
7  Vulnerability Management Program that identifies emerging threats and vulnerabilities, prioritizes patches/remediations, and includes:
  • Internal quarterly vulnerability scanning, powered by Nessus
  • External quarterly vulnerability scanning using Nessus Cloud, with quarterly ASV attestation
  • Internal and external vulnerability scanning in conjunction with significant changes
8  Penetration Testing against the internet-facing technical attack surface: annual and in conjunction with significant changes
9  Internal Penetration Testing against the CDE perimeter: annual and in conjunction with significant changes
10  Simplified log retention and analysis provided through SIEM
11  Network level segmentation and micro-segmentation of CDE
12  CDE Scope reduction and remediation of CDE Scope
13  Dedicated PCI QSA to guide your organization through compliance

We are not only well versed in security and assessments, but we know regulated industries inside and out. At STN, we can help you navigate the road to PCI compliance, every mile of the way.

Copyright © 2021 STN Inc. All Rights Reserved.