PCI DSS Validation
We provide data security assessments and scanning for the payment card industry. Selecting SAIC means you will work with one of the world's leaders in IT security technical excellence.
Trying to select a PCI DSS Qualified Security Assessor?
The SAIC Payment Card Industry (PCI) Data Security Standard (DSS) Laboratory has successfully met the PCI Security Standards Council requirements to perform PCI data security assessments.
Why Become Compliant?
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is required by the major credit card issuers to help organizations proactively protect customer account data.
All entities that transmit, process, or store payment card data must be compliant with PCI DSS. This standard is regulated by the PCI Security Standards Council.
PCI DSS Qualified Security Assessor (QSA) Validation
SAIC provides a full range of Qualified Security Assessor (QSA) services, including a gap assessment that reviews a client's current processing environment and its IT architecture, policies, and personnel. The SAIC PCI DSS QSA can also perform an in-depth audit of the client's security methods and the applications that protect cardholder data; if issues are discovered, SAIC can suggest remediation solutions.
SAIC PCI DSS Services:
- PCI DSS audit service
- PCI DSS gap analysis service
- PCI DSS remediation/consulting service
- PCI DSS penetration testing service
- PCI DSS application security service
PCI DSS Approved Scanning Vendor (ASV) and SAQ Support
SAIC is teamed with Qualys to deliver QualysGuard PCI, an on-demand Web application that is the most accurate, easiest-to-use tool for PCI compliance testing, reporting, and submission. QualysGuard PCI enables merchants and Member Service Providers to promptly complete the PCI self-assessment questionnaire and to conduct network and web application security scans that efficiently identify and eliminate security vulnerabilities. The QualysGuard PCI "auto submission" feature completes the compliance process, allowing users to submit their compliance status to one or more acquiring banks.
Cost
PCI DSS task cost quotes are based on the complexity of the merchant's or service provider's environment, including the number of firewalls, switches, servers, and processing locations.
Schedule
SAIC's PCI DSS Validation Laboratory has the ability to take on new work quickly. Our matrix management approach enables our expert QSAs to work on multiple projects, so we can begin new projects without waiting for current audits to be completed.
Contact Us Today
For more information about our business solutions and capabilities, please contact us today.
Do I really need to comply with PCI DSS?
All merchants and service providers that process credit card data need to comply with the PCI DSS standard. The requirements vary by merchant level.
Do I need a Gap Assessment?
A gap assessment can be useful for all merchants. It is the first stage of the PCI DSS audit: SAIC gathers data to identify the gaps between your current security posture and the PCI DSS requirements. It can save you money by scoping the audit boundary before the audit begins. For example, our gap assessment report might suggest reducing the number of systems that are involved in transaction processing or that could access related data, implementing network segmentation, or taking other measures to reduce the effort required for compliance.
Do I need an independent assessment or a self-assessment?
Independent assessments are required for merchant levels one and two and for merchants that have experienced credit card information breaches. SAIC can (at no cost) help you understand what is needed for your business or service.
What does an assessment entail?
All systems that store, process or transmit primary account numbers (credit card numbers) -- and all systems that are within the same logical network as these -- must meet the PCI Data Security Standard.
Assessments follow the PCI DSS security audit procedures. An SAIC Qualified Security Assessor (QSA) will first want to see your documentation of your environment and procedures. Both a telephone assessment and an onsite assessment will then be performed to verify that your documentation is correct and that sensitive data is processed and stored in compliance with the PCI DSS standard. The SAIC QSA will provide you (and the credit card company) with a Report on Compliance (ROC) stating that you meet the standard's requirements. If there are issues, SAIC will detail what needs to be corrected before the ROC can be issued, including remediation suggestions.
What about Schedule and Cost?
Schedule and cost vary and are based on the scope of the assessment and the effort required to produce the Report on Compliance.
SAIC will be glad to assist you. Based on our discussion, SAIC can (at no cost) send you a rough-order-of-magnitude (ROM) with an estimate of time and costs.