PCI-DSS compliance.

Every aspect of PCI-DSS v4.0 requirement 11.4 covered in a single engagement — external, internal, application-layer, and segmentation testing. QSA-ready evidence packages and free remediation retest within the assessment cycle.

What we cover.

  • 11.4.2 External penetration testing of the CDE perimeter
  • 11.4.3 Internal penetration testing including application-layer
  • 11.4.4 Vulnerability remediation verification (free retest)
  • 11.4.5 Segmentation testing for every documented boundary
  • 11.4.6 Six-month segmentation re-test for service providers

Our methodology.

Aligned to NIST SP 800-115, PTES, and the PCI SSC Information Supplement on Penetration Testing. Manual-first — we don’t ship scanner output rebranded as a report. Our QSA partners have signed off on our methodology in over 150 engagements.

Qualified personnel.

Every PCI engagement is led by an engineer holding at least one of: OSCP, GPEN, CREST CRT, CHECK Team Leader. Independence attestation is provided automatically.

QSA-ready deliverables.

  • Documented methodology under 11.4.1
  • Tester qualifications and independence attestation
  • Scoping document mapping CDE, connected systems, and segmentation boundaries
  • Executive summary + full technical report with PCI requirement mapping
  • Segmentation testing appendix with per-control evidence
  • Remediation retest report and letter of attestation

Align with your QSA

Scope a PCI engagement.

Free 30-minute call with PCI-experienced leads. Fixed-price proposal aligned to your QSA’s expectations.