PAYMENT CARD INDUSTRY

PCI – DSS SECURITY AND COMPLIANCE SERVICES

OVERVIEW

For a merchant, the most valuable resource is customer data. The flood of mega-breaches in recent years shows the importance of proactive, professionally managed security for every merchant.

Anitian has deep experience with PCI compliance. So much, in fact, that AWS asked us to write their official workbook on PCI compliance in the AWS Cloud.

From secure machine images, to entire PCI environments, to painless compliance and audits, Anitian and Sherlock Compliance Automation have the easy answer for anyone dealing with serious payment card requirements.

As a PCI Qualified Security Assessor Company (QSAC), Anitian can assess and formally certify your efforts to comply with the Payment Card Industry Data Security Standard (PCI DSS). We offer a comprehensive suite of PCI services, with an emphasis on companies moving their workloads to the cloud.

GAP ASSESSMENT
EI3PA Gap Assessments are the ideal place to begin your compliance efforts. Gap Assessments quickly identify the areas of non-compliance and point out ways to correct those issues.

An Anitian EI3PA Gap Assessment includes:

  • Formalized planning, research, and preparation
  • Interactive and collaborative discussions
  • Review of the scope of compliance
  • Review of segmentation efforts
  • Technical controls review
  • Policy and procedure review
  • Reporting and issue cataloging
  • Formulation of an Action Plan, providing you with a roadmap to achieving compliance
  • Post-assessment discussions, planning, and guidance

EI3PA ASSESSMENT & REPORT ON COMPLIANCE (ROC)

An Experian Independent Third-Party Assessment (EI3PA) is a necessity for any organization that handles credit data for Experian. Rather than build a unique standard, Experian chose to leverage the Payment Card Industry’s Data Security Standard (PCI DSS) for protection of cardholder data, applying those same requirements to Experian credit data. Because Anitian is a Qualified Security Assessor Company (QSAC) for PCI compliance, Anitian is also authorized to perform formal EI3PAs. With decades of experience in compliance and information security, Anitian is the ideal choice to meet EI3PA compliance requirements.

A formal EI3PA provides an official stamp of compliance. As a Qualified Security Assessor Company (QSAC), Anitian is certified to validate EI3PA compliance for organizations that handle Experian credit data.

An Anitian EI3PA Assessment & Report on Compliance includes:

  • Formalized planning, research, and preparation
  • Establishment of the scope of compliance
  • Review of network diagrams and data flows
  • Analysis of applications, databases, and systems for required controls
  • Assessment of policies and procedures for alignment with requirements
  • Analysis of storage, transmission, and usage of payment card data
  • Performance of collaborative facilitated discussions
  • Review of efforts to segment and isolate in-scope systems
  • Review of required penetration tests and scans
  • Completion of Report on Compliance documentation in accordance with the PCI Security Standards Council’s guidelines
  • “Real-time” quality assurance of assessment
  • Issuance of Report on Compliance
  • Issuance of Attestation of Compliance
  • Issuance of a Compliance Certificate and Attestation Letter
  • Assistance with required reporting agencies

VULNERABILITY SCANNING (ASV SCANS)
To meet EI3PA requirements, all organizations must have quarterly external vulnerability scans performed by a PCI Approved Scanning Vendor (ASV), and must resolve any failing findings and rescan until a passing scan is obtained. Anitian has partnered with Qualys to provide a cost-effective, universally recognized ASV scanning service.

Features of the ASV Scans service include:

  • Quick setup, online in hours
  • Unlimited scans, no per-use charges
  • Easy, step-by-step setup
  • Complete SaaS solution, no software to deploy
  • 24-hour support
  • Detailed remediation assistance
  • Online completion of Self-Assessment Questionnaires
  • Affordable, expandable, flexible

QSA CONSULTANT SERVICES

REMEDIATION SERVICES
One of the benefits of working with Anitian is that, in addition to being able to conduct QSA assessments, we also have a complete staff of technology integrators. This gives us a real “nuts & bolts” view of EI3PA compliance. We know exactly how to implement necessary controls, technologies, and practices to meet EI3PA requirements.

Our Remediation Services include implementation, optimization, and testing of the following:

  • Firewalls / UTM / NGFW
  • File integrity monitoring
  • SIEM / Log Management
  • Antivirus / Endpoint security
  • Encryption
  • Vulnerability management
  • Configuration management
  • Incident response
  • IDS / IPS
  • Security awareness
  • Software development life-cycle (SDLC)
  • System auditing and access control

PENETRATION TESTING
Anitian offers comprehensive internal and external penetration testing services designed to meet PCI DSS Requirement 11.3, which calls for internal and external penetration testing at least annually and after any significant change, including testing that segmentation controls actually isolate out-of-scope systems from the cardholder data environment.

WEB APPLICATION PENETRATION TESTING
Anitian offers comprehensive web application penetration testing services designed to meet PCI DSS Requirement 6.6, which calls for public-facing web applications to be reviewed for vulnerabilities at least annually and after any change (or, alternatively, protected by an automated solution such as a web application firewall).

Learning Resources

  • Presentation: Security as Code
  • Paper: Communicating Risk to Leadership
  • eBook: The Case for Security in the Cloud