PCI DSS Penetration Testing and Vulnerability Scanning
Key requirements of the PCI DSS include the need to undertake both vulnerability scanning and penetration testing in order to assess the network infrastructure and applications. The PCI DSS requires organisations to conduct a vulnerability scan of all external IPs and domains in scope at least once every 90 days. URM can conduct the required 2 vulnerability scans, one external to your network and one within your network, behind your various perimeter security devices.
As a CREST-accredited organisation, URM can also conduct penetration tests, where our Team of testers will not only analyse your network environment and identify potential vulnerabilities, but try to exploit those vulnerabilities. Under PCI DSS Requirement 11.3, (applicable to ROCs, SAQ C and SAQ D), URM can conduct internal and external penetration testing of both the network and application layers of the CDE, as well as any required segmentation testing. For more information on our penetration testing capabilities, follow the link below.
Get in touch
Please note, we can only process business email addresses.
Why URM?
Track record and experience
URM has a team of expert consultants across multiple security disciplines who are all highly experienced in assisting organisations in gaining PCI DSS compliance. Our consultants have worked with hundreds of different companies across a wide range of industries, including local government, entertainment, retail, hospitality, IT services, charities, and many more. They also have experience of working with companies of various sizes ranging from self-employed individuals to multi-national corporations. So, whatever your PCI DSS needs are, URM will be able to provide a QSA who understands your organisation and can offer the best advice and guidance to help you achieve compliance.
Pragmatic Approach
All of URMs QSAs pride themselves on their pragmatic approach to both compliance and assessments and will work with you to find the most appropriate and sensible way for you to meet the requirements of the PCI DSS.
PCI DSS v4.0: Targeted Risk Analysis
URM’s blog dissects the new PCI DSS requirements around targeted risk analysis, what they involve, and how the 2 types of TRA in the Standard differ.
URM’s blog drills down into the PCI DSS v4.0 requirements around forced password changes, with a particular focus on the addition of zero-trust architecture.
URM’s blog explains the wording changes in Requirement of the PCI DSS v4.0, offering advice on how organisations can select and use the most appropriate NSCs.
URM’s blog answers key questions about the practicalities of PCI DSS v4.0 transition assessments and how you can best prepare for a successful v4.0 transition.