Compliance
PCI DSS Assessments
Payment Card Industry Data Security Standard
What we assess
What your
PCI DSS test covers
We scope your cardholder data environment correctly and run the testing PCI DSS requires, handing your QSA evidence they will accept rather than a raw scan.
Requirement 11: Testing
The penetration testing and segmentation testing PCI DSS mandates, done to the standard your QSA expects.
We test for
- External and internal penetration testing
- Segmentation testing
- Quarterly scan support
- Remediation and retest
Cardholder Data Environment
Whether your CDE is correctly scoped and isolated from the rest of your network.
We test for
- CDE scope validation
- Segmentation and isolation
- Data flow verification
- Out-of-scope confirmation
Access & Authentication
Controls over who can reach cardholder data and how they prove identity.
We test for
- Access control and least privilege
- Multi-factor authentication
- Default and weak credentials
- Account management
Secure Configuration
Whether systems handling card data are hardened against known weaknesses.
We test for
- System hardening baselines
- Patch and vulnerability status
- Insecure services and protocols
- Logging and monitoring
How it works
How your engagement runs
From scope through the final retest, your team stays in the loop at every step,
with findings tracked live in our platform.
- 01
Scope the CDE
We validate your cardholder data environment and segmentation for PCI scope.
- 02
Req 11 testing
Internal, external, and segmentation testing to the standard QSAs expect.
- 03
QSA report
Findings aligned to PCI requirements, given as evidence your QSA accepts.
- 04
Fix & retest
Close the findings, then run a free retest before your assessment window.
Resources
Field notes from the offensive side
Offense in Depth in Red Team Operations
Defense in depth layers protection. Offense in depth layers attack paths so a red team still reaches its objective when one route fails. Here is how it works.
Security Between Penetration Tests
An annual pentest covers two weeks and leaves fifty uncovered. Here is how to secure the rest of the year without waiting for the next scheduled engagement.
The Limits of AI in Penetration Testing
AI is changing penetration testing, but it will not replace human testers. Here is what it does well, where it falls short, and why judgment still wins.
Want to see a real report first?
Request a redacted sample report before you scope an engagement.
01What does PCI DSS require for penetration testing?
Requirement 11 calls for internal and external penetration testing at least annually and after significant changes, plus segmentation testing where segmentation is used to reduce scope. We cover all of it to the standard your QSA expects.
02How often do we need to test?
At least once a year, and after any significant change to your cardholder data environment. Quarterly vulnerability scans are also required, and we can support those.
03Will your report satisfy our QSA?
Yes. We deliver a report aligned to PCI requirements with the evidence your QSA needs, not a raw scanner dump.
Ready to test your defenses?
Talk to our team about what your PCI DSS compliance requires.
Get a Fixed-Scope Quote
Tell us what you need tested. We reply within one business day.
Thanks, we've received your message.
We'll be in touch shortly.