Conformance Technologies

Cyber Attack Readiness Toolkit powered by Conformance Technologies

Making PCI Compliance easy.

Pentesting Benefits

The Payment Card Industry Data Security Standard (PCI DSS) requires all organizations that store, process, or transmit credit card data to adhere to specific credit card security requirements approved and endorsed by the various card brands such as Visa, MasterCard, American Express, and Discover.

Section 11.3 of the PCI DSS requires organizations to perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).

What is a Penetration Test?

A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-users’ adherence to security policies.

PCI DSS compliant penetration testing must meet specific guidelines:

  • Penetration testing methodology must be based on industry-accepted approaches such as NIST SP 800-115.
  • Testing must include the entire cardholder data environment (CDE).
  • Testing must be performed from an external and internal perspective.
  • Segmentation controls, or controls that reduce the scope of the CDE, must be tested for effectiveness.
  • The assessment needs to include both application-layer and network-layer testing.
  • Any exploitable vulnerabilities must be addressed and retested.

Conformance’s Cyber Attack Readiness Toolkit designed for Small-to-Midsize Merchants

We offer an economical alternative for smaller merchants that have a single e-commerce site.

Achieve Compliance: Satisfy annual penetration testing requirements with an effective, low-cost solution.

Improve Security / Reduce Fraud: Reduce the possibility of cardholder data breach and improve overall data security.

Get a Hacker’s Eye View with External Testing: Identify and resolve security issues in a proactive and manageable way.

Validate Internal Controls and Segmentation: Gain confidence in knowing that internal security controls are effective.



About Conformance Technologies

Conformance Technologies is a fast-growing provider of technology, education and expertise used in managing sensitive data. Distributed through resellers and corporate aggregators who manage groups of businesses and consumers, Conformance Technologies gives these entities the opportunity to increase compliance rates, lower operating costs and generate ongoing revenue streams.

Tell me more about Pentesting…

It's a PCI DSS mandate and vital to your security.

A penetration test simulates a real-world attack against your information systems to identify vulnerabilities and risks which may impact the confidentiality, integrity or availability of your credit card

Support Options

Email: support@conformancetech.com
Phone: 855.251.0150 option 3

The Cyber Attack Readiness Toolkit (CART) is powered by Conformance Technologies. Property of Conformance Technologies, LLC. © 2018 All rights reserved.