PCI-DSS compliance covers the following areas:
Compliance of Payment Software Applications to PA-DSS
Operating Systems, Application Servers, Databases, Supporting Tools
Network
Office Access Control
SDLC, Operational and Administrative Processes and Policies
Change Control Management – Software, Network and Hardware
Entities that should be PCI-DSS certified include:
Processors
Card Issuers
Digital Issuance Platform
Tokenization server
Acquirers
Merchants
Payment SDKs
Card Embossing and Printing Vendors
PoS terminal manufacturers
PIN PAD Manufacturers
C POS Vendors
Mobile Devices supporting payments
Girmiti Software's scope of PCI-DSS services includes:
Identify the areas impacted/affected by PCI-DSS within your organization
Application Software
Gap Analysis
Re-engineering
OWASP
Data Encryption
Data Access
Data Security Standards
Security Coding Standards
Comprehensive Testing including Scanning and Penetration Testing
OS, Web Server and DB level vulnerability checks and compliance
Access Control Checks
Process definition and implementation as required by PCI-DSS – Information Security policy, data access and retention policies
Definition and Implementation of Change Control Process
Training
Document Preparation, Evidence Preparation, Submission
Work with the certification authority on evaluation and remediation to ensure that the organization is PCI-DSS certified
For more information, please contact us at info@girmiti.com