WHAT IS A PCI DSS 11.3 PENETRATION TEST?
PCI DSS Requirement 11.3 requires a penetration test of your Cardholder Data Environment and all systems and networks connected to it.
A penetration test is designed to evaluate your organisation's security posture and ultimately to fortify your business. It does so by identifying and exploiting vulnerabilities to determine whether unauthorised access or other malicious activity is possible.
WHY CONDUCT A PCI 11.3 PENETRATION TEST?
PCI DSS Requirement 11.3 addresses penetration testing, which differs from the external and internal vulnerability assessment requirements of PCI DSS Requirement 11.2.
For any organisation which stores and processes cardholder data, a penetration test is required to ensure that your systems are safeguarded from a malicious attacker attempting to gain access to this sensitive information.
Under PCI DSS Requirement 11.3, the scope of work for a penetration test includes all locations of cardholder data, all key applications that store, process, or transmit cardholder data, all key network connections, and all key access points.
Our penetration testers will work with you to ensure each of your systems required for assessment is thoroughly tested, and that you are provided with a detailed analysis of this test.
Our penetration testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities against each of your assets. An extensive report gives a thorough description of each identified vulnerability, with business context alongside each issue.
This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.
A PCI DSS 11.3 Penetration Test will allow your organisation to:
- Understand the risks that exist across your estate and that can affect your Cardholder Data Environment.
- Make ongoing improvements to your security posture via specialist support, advice and consultancy.
- Adhere to PCI DSS Requirement 11.3 to conduct penetration testing against your CDE and connected systems and networks.
- Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats.