Cybersecurity Compliance

The Payment Card Industry (PCI) Security Standards Council (SSC) is a global forum founded in 2006 by the five major card brands: American Express, Visa, Mastercard, Discover, and JCB International. The mission of the PCI SSC is to develop standards and supporting services to drive education, awareness, and effective implementation by stakeholders to combat the increase of identity theft and credit card abuse. The PCI Data Security Standard (DSS) is a standard in place to secure an environment that stores, processes, and/or transmits cardholder data. This standard is comprised of technical and administrative controls.

Elliott Davis is a Qualified Security Assessor (QSA) Company and is certified to perform PCI assessments. Whatever the size of your business or its PCI requirements, Elliott Davis can assist.

Solutions

Twelve Requirements of PCI DSS

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

Services

  • PCI DSS Certification Assessment Report on Compliance (RoC) and corresponding Attestation of Compliance (AoC)
  • Self-Assessment Questionnaire (SAQ) Assistance completed and signed by a QSA
  • PCI Compliance Gap Analysis
  • PCI Advisory and Planning
  • PCI Compliance Services

      – Risk Assessment
      – Policy and procedure development
      – Quarterly Internal Vulnerability Scanning
      – Quarterly External Authorized Scanning Vendor (ASV) Scanning
      – Penetration Testing: Internal, External, and Network Segmentation
      – Firewall and device configuration reviews