Variances between the PCI DSS and an organization’s currently established policies and practices detected in the gap assessment need to be addressed. Any entity that accepts payment card transactions must be compliant with all 12 elements of the PCI Data Security Standard.
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
SMT provides individual services for implementing missing elements of an organization’s security policies to match that of the PCI DSS. Remediation is achieved when solutions and sound policies are implemented that fully address and satisfy the compliance requirements.
Client Remediation Workshop Projects
SMT offers workshops to dive deep into the data security standard – allowing you to select the right technologies and architecture to attain and maintain the PCI DSS.
PCI DSS Policies and Procedures
SMT helps you complete the gaps in your documentation and review the policies, procedures, and processes of your business.
External ASV Scans in a PCI DSS Scoped Environment
As an ASV, SMT is able to perform external vulnerability scans in accordance with PCI DSS requirement 11.2. These scans provide a consistent view of an organization’s security posture – identifying potential threats to its IT systems.
Internal Scans of a PCI DSS Scoped Environment
SMT can handpick the appropriate internal scanning solutions for any given network – providing you with the best flexibility and efficacy and ensuring that Requirement 11.2 of the PCI Data Security Standard is met.
External Penetration Testing of a PCI DSS Scoped Environment
External penetration testing services simulate an external attack on your IT system environment. As such attacks are extremely common, it is of paramount importance that a strong barrier is built to counter them. Simulating these attacks identifies weaknesses and exposes vulnerabilities – helping organizations protect themselves from the potentially devastating corruption or theft of sensitive data. External penetration testing also produces valuable reports, which can be used to confirm to a QSA that your systems have been well developed, deployed, and maintained.
Internal Penetration Testing of a PCI DSS Scoped Environment
Similar to external penetration testing, internal penetration testing is used to identify weaknesses and expose vulnerabilities, except that it is performed from within the IT system. Internal penetration testing also produces valuable reports, which can be used to confirm to a QSA that your systems have been well developed, deployed, and maintained.
Cardholder Data Discovery
Using industry-leading scanning applications designed to audit an organization’s storage practices for Cardholder Data (CHD), SMT analyses the results and produces a report on any cardholder data at rest on servers, workstations, or other storage systems.
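To make the discovery step concrete, the following is an added example of how a cardholder-data-at-rest scan works in principle; it is not SMT's tooling and the page does not describe which products SMT uses. It looks for candidate primary account numbers (PANs) in text, drops false positives with the Luhn check, and reports only masked values (first six and last four digits, as PCI DSS Requirement 3.3 permits for display) so that the report itself does not become a new store of cardholder data. The file paths and the Luhn-valid test card numbers in `SAMPLE_FILES` are constructed for the example.

```python
"""Added example: minimal cardholder-data-at-rest discovery with Luhn validation."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit (avoids matching part of a longer number).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask to first six / last four so the finding can be reported without exposing the PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    location: str   # file path (constructed in the example)
    line_no: int    # 1-based line within that file
    masked_pan: str


def scan_text(location: str, text: str) -> list[Finding]:
    """Scan one text blob and return masked findings for Luhn-valid candidate PANs."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append(Finding(location, line_no, mask_pan(digits)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> content (in-memory stand-in for a filesystem walk)."""
    out: list[Finding] = []
    for path, content in files.items():
        out.extend(scan_text(path, content))
    return out


# Constructed sample "files". The card numbers are well-known, non-issued test values;
# the 13-digit number in notes.txt fails Luhn and must not be reported.
SAMPLE_FILES = {
    "/srv/app/logs/checkout.log": (
        "2024-05-01 10:12:03 order=1001 card=4111 1111 1111 1111 amount=19.99\n"
        "2024-05-01 10:13:44 order=1002 card=XXXX-1234 amount=5.00\n"
    ),
    "/home/alice/export.csv": "id,phone,pan\n7,5551234567,5500000000000004\n",
    "/tmp/notes.txt": "ticket 1234567890123 not a card (fails Luhn)\n",
}


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.location}:{f.line_no}: cardholder data at rest -> {f.masked_pan}")
```

The two hits (the log line that wrote a full PAN and the CSV export) are exactly the kind of unexpected storage a discovery scan is meant to surface; logs and ad-hoc exports are common places where CHD ends up outside the intended scope. A real deployment would walk filesystems and database dumps instead of an in-memory dict and would add checks for PANs written as hexadecimal, Base64 or inside binary formats.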