PCI-DSS Compliance

This service addresses the ongoing internal and external vulnerability scanning, pen testing, and wireless testing requirements of PCI along with completion of questionnaires and attestations. Illumant determines the applicable PCI-DSS requirements for each client based on transaction volume, credit card handling processes, and partner relationships. We prepare the relevant self-assessment questionnaire (SAQ) and any applicable attestations of compliance (AOCs). We address approved scanning vendor (ASV) requirements, and conduct all internal vulnerability assessments, penetration testing, and quarterly wireless security assessments. Internal assessments are handled remotely via supplied appliance. The PCI-C helps protect cardholder data, and simplifies on-going compliance with all the requirements of PCI. We can also assist with updates to and initial development of security and PCI-related policies and procedures.


Highlights

  • Enumeration of client-specific PCI compliance requirements
  • Preparation of annual SAQs and AOCs
  • Addresses quarterly ASV requirements
  • Quarterly internal vulnerability assessments
  • Annual external/internal penetration testing requirements
  • Quarterly wireless security assessments
  • Management of remediation to achieve/maintain requirements
  • Retesting and validation
  • Updates to or initial development of policies and procedures

Targets

  • Credit card information
  • Cardholder data environment (CDE)
  • Policies and procedures
  • In-scope servers, firewalls, routers, and workstations
  • External and internal systems
  • Network segregation
  • Rogue wireless access points/networks

SAQ AOC ASV vulnerability assessment wireless secutiry assessment penetration testing

credit card data cardholder data enviroment CDE perimeter internal servers routers firewalls VLANs workstations wireless rogue access points payment gateway virtual terminal point-of-sale POS

PCI-DSS

Detailed Description
The PCI-DSS Compliance Service (PCI-C) addresses the compliance concerns of small and medium size business that process credit card transactions. These businesses are required to comply with payment card industry data security standards (PCI DSS, currently version 3.1).

Navigating PCI-DSS compliance by one-self is challenging. There are many obscure and lengthy documents to read and prepare. And there are many technical assessment activities that may be outside the core competency or bandwidth of a client’s team. The PCI-C helps guide the client toward compliance as painlessly as possible, minimizing uncertainty and saving internal bandwidth (on learning and execution).

Illumant will help identify and complete the appropriate self-assessment questionnaires (SAQ A, B, C, C-VT, D, E), and will help prepare any necessary Attestations of Compliance (AOCs). Specific remediation advice and recommendations will be provided in the event that gaps are discovered. Illumant will help manage and monitor remediation activities.

Illumant will also help address all ongoing testing activities:
  • Quarterly scans by an Approved Scanning Vendor (ASV) – there are many service vendors. Illumant has relationships with the best-of-breed. If the client does not already have a vendor, Illumant will help select one and set-up the scans
  • Quarterly internal vulnerability assessment – Illumant will perform quarterly internal vulnerability assessments on the client’s CDE
  • Annual external/internal penetration testing – Illumant will perform annual external and internal penetration testing against the CDE
  • Quarterly wireless security assessment – on a quarterly basis, Illumant will scan for rogue wireless access points connected to the CDE
All testing will be performed remotely vis-à-vis an on-site appliance to minimize disruption to the client. Retesting will be performed to ensure issues and risks have been remediated.

In short, Illumant will identify and prepare all necessary compliance documentation (SAQs and AOCs). Illumant will help manage any remediation activities. Illumant will address all testing requirements. Illumant will coordinate and manage your PCI compliance activities to make it easier for you to achieve and maintain compliance and protect your credit card data.