← All frameworks Finance & Payments

PCI-DSS penetration testing.

Annual internal and external penetration testing for organizations that store, process, or transmit cardholder data — scoped to Requirement 11.4 of PCI-DSS 4.0.1.

$ cat pci-dss-4.0.1.txt

What PCI-DSS actually requires.

$ ls /pci/services

How this maps to what we do.

External & Internal Testing

Both halves of Requirement 11.4 — testing your internet-facing systems and your internal network, scoped to what actually touches the CDE.

Segmentation Testing

For service providers: verifying your segmentation controls actually isolate the CDE, on the twice-yearly cadence PCI-DSS requires.

Retest After Remediation

Findings get retested once fixed — so the report you hand your QSA reflects what's actually true, not what was true when we started.

Assessment window coming up?

Tell us your CDE scope and your QSA's timeline — we'll fit the testing to it.

Request an assessment