Compliance with the PCI DSS standard is mandatory for all entities that store, process or transmit card-holder data associated with Visa, Mastercard, American Express, Discover and JCB. As part of this compliance, the council requires organizations to undergo periodic assessments and evaluations.
Vulnerability Assessment and Penetration Testing (VAPT) is a vital part of this requirement. Network Intelligence India provides VAPT services specifically directed towards such requirements. Below is our summarized methodology, enumerating the list of activities associated with this PCI DSS requirement.
In addition to the above requirement, PCI DSS mandates many more activities that have to be done periodically, at differing frequencies. Each requirement has its own set of documentary evidence that needs to be kept ready during a PCI DSS audit, for example the Privileged ID Review report, the Access reconciliation report, etc.
For a full listing of such requirements and their documentary evidence, download the document linked below.
Udit Pathak is a Senior Security Analyst with Network Intelligence India. He has carried out various assignments on Information Security Audits, Web Applications security, Network Security, PCI DSS and ISO 27001.