PCI DSS Readiness Assessment
- In-depth scoping analysis as it relates to the PCI DSS criteria
- Analysis of the debit/credit (i.e., payment) card “Transaction Environment”
- Analysis of hardware/software systems, components and all other related application and network layer devices
- Identification and analysis of all significant third-party outsourcers and managed service providers used by the organization
Remediation and Implementation
- Secure Application Design and Implementation
- Firewall Rules Design & Implementation
- Intrusion Detection/Prevention System Design & Implementation
- Device Configuration & Hardening
- IT Security Policies & Procedures
Sustainment and Ongoing Compliance
- Annual Compliance Validation
- 3rd Party Compliance Programs
- Day 2 Governance Programs
Application Security Testing (OWASP criteria)
- Information gathering, authentication, session management, input validation
- Application business logic
- Infrastructure and application configuration management