COMPLIANCE

PCI DSS Requirements

We can help you check off your PCI DSS checklist.

Are you aware of the newest PCI DSS requirements? The deadline for organizations to adopt PCI DSS 3.2 was February 2, 2018. Are you compliant with the more than 200 line-item requirements? How do you know for certain?

At STN, we can help you not only achieve PCI compliance, but help you manage and navigate PCI DSS with confidence, improve your security posture, and reduce your overall risk. We are a PCI DSS QSA Company. This means that we have the technical expertise and regulatory experience to help organizations of any size meet compliance. We can help you identify hazards and risk factors that could cause harm and determine the best course of action to mitigate the risks. We can perform PCI DSS compliance audits and, based on those audits’ outcomes, write PCI DSS Reports on Compliance for merchants and service providers. We can also issue formal Attestations of Compliance for individual clients that summarize relevant Report on Compliance data.

We are here to help you check off your PCI DSS checklist to meet compliance:

1 Cardholder data environment (CDE) scoping, design, and validation

2 The PCI DSS Self-Assessment Questionnaires (SAQs)

3 Reports on Compliance (ROCs)

4 Cardholder data-focused risk assessments

5 Internal vulnerability scanning and remediation

6 Provide Approved Scanning Vendor (ASV) scanning, validations, and attestations of compliance

7 Vulnerability Management Program that identifies emerging threats and vulnerabilities and prioritizes patches/remediations and includes:

Internal quarterly—vulnerability scanning, powered by Nessus
External quarterly vulnerability scanning using Nessus Cloud, with quarterly ASV attestation
Internal and external vulnerability scanning in conjunction with significant changes

8 Penetration Testing against the internet-facing technical attack surface: annual and in conjunction with significant changes

9 Internal Penetration Testing against the CDE perimeter: annual and in conjunction with significant changes

10 Simplified log retention and analysis provided through SIEM

11 Network level segmentation and micro-segmentation of CDE

12 CDE Scope reduction and remediation of CDE Scope

13 Dedicated PCI QSA to guide your organization through the compliance

We are not only well versed in security and assessments, but we know regulated industries inside and out. At STN, we can help you navigate the road to PCI compliance, every mile of the way.