Am I in scope for PCI DSS? Which Self Assessment Questionnaire do I need to complete? There are over 300 questions on the form - do I really need to answer all of them? Which are the contentious questions and will my mitigating evidence be deemed appropriate?
And what about testing? Do I need to use a QSA, an ASV or can I run the tests myself? Is it true that quarterly ASV scanning is just one of several tests that need to be completed during the year? Do I need to do wireless scanning even if we’ve decided not to install access points on the network?
NTA can help you with these, and the many other questions you will no doubt have, through the provision of experienced consultants and a range of testing services that support organisations working towards the PCI data security standard.
As an Approved Scanning Vendor (ASV) with five years’ experience in the field, we have developed a strong understanding of the requirements placed on companies by PCI and the challenges these requirements present. Providing more than just external ASV scanning, NTA can offer full end-to-end consultancy review and penetration testing services to make achieving PCI compliance easier for your organisation.
Some of the specific areas we can help with are shown below, but this list is not designed to be worked through doggedly. Give us a call and let us know where you’re at and what your specific questions are, and we can discuss how we may best help you.
PCI Self Assessment Questionnaire (SAQ) Review (All)
PCI Gap Analysis (All)
PCI Remediation Plan (All)
Install and Maintain a Firewall (1.1.6)
Wireless Security Testing (4.1.1)
Public Facing Web Applications (6.6)
Physical Security Review & Media Handling (9)
Wireless Rogue Access Point Scanning (11.1)
Internal Quarterly Network Scanning (11.2.1)
External Quarterly Network Scanning (11.2.2)
Vulnerability Scanning Fix Process (11.3B)
Network & Application Layer Penetration Test (11.3)
I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.
Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.
We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...
I have found NTA to be an approachable, knowledgeable partner, and have no hesitation in recommending their services.
The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.
On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...
NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.