Skip to content

Compliance

PCI DSS Assessments

Payment Card Industry Data Security Standard

What we assess

What your PCI DSS test covers

We scope your cardholder data environment correctly and run the testing PCI DSS requires, handing your QSA evidence they will accept rather than a raw scan.

Requirement 11: Testing

The penetration testing and segmentation testing PCI DSS mandates, done to the standard your QSA expects.

We test for

  • External and internal penetration testing
  • Segmentation testing
  • Quarterly scan support
  • Remediation and retest

Cardholder Data Environment

Whether your CDE is correctly scoped and isolated from the rest of your network.

We test for

  • CDE scope validation
  • Segmentation and isolation
  • Data flow verification
  • Out-of-scope confirmation

Access & Authentication

Controls over who can reach cardholder data and how they prove identity.

We test for

  • Access control and least privilege
  • Multi-factor authentication
  • Default and weak credentials
  • Account management

Secure Configuration

Whether systems handling card data are hardened against known weaknesses.

We test for

  • System hardening baselines
  • Patch and vulnerability status
  • Insecure services and protocols
  • Logging and monitoring

How it works

How your engagement runs

From scope through the final retest, your team stays in the loop at every step, with findings tracked live in our platform.

  1. 01

    Scope the CDE

    We validate your cardholder data environment and segmentation for PCI scope.

  2. 02

    Req 11 testing

    Internal, external, and segmentation testing to the standard QSAs expect.

  3. 03

    QSA report

    Findings aligned to PCI requirements, given as evidence your QSA accepts.

  4. 04

    Fix & retest

    Close the findings, then run a free retest before your assessment window.

FAQ

Frequently asked questions

What teams most often ask before PCI DSS testing.

Still have questions?
01What does PCI DSS require for penetration testing?

Requirement 11 calls for internal and external penetration testing at least annually and after significant changes, plus segmentation testing where segmentation is used to reduce scope. We cover all of it to the standard your QSA expects.

02How often do we need to test?

At least once a year, and after any significant change to your cardholder data environment. Quarterly vulnerability scans are also required, and we can support those.

03Will your report satisfy our QSA?

Yes. We deliver a report aligned to PCI requirements with the evidence your QSA needs, not a raw scanner dump.

Ready to test your defenses?

Talk to our team about what your PCI DSS compliance requires.

Get a Fixed-Scope Quote

Tell us what you need tested. We reply within one business day.