PCI DSS 4.0 · Req 11.4 pentesting · Segmentation

PCI DSS 4.0, without surprises at the QSA visit.

We size the CDE, prove your segmentation, run the Requirement 11 pentests, and hand you a QSA-ready evidence pack. Whether you're SAQ-D or full ROC, one team owns the whole picture.

Fixed pricing in USD · NDA before scoping · Senior engineers only

What's Included

Everything you get with PCI DSS Compliance & Testing.

CDE scoping & data-flow mapping

Where cardholder data actually lives, moves, and rests.

Segmentation validation testing

Prove your CDE is segmented — Req 11.4.5 / 11.4.6.

Internal & external penetration testing

Req 11.4.1 / 11.4.2 / 11.4.3 pentests, application-layer included.

Requirement gap analysis

All 12 requirements + 4.0 additions (targeted risk analysis, customized approach).

QSA liaison support

We coordinate directly with your QSA to keep the ROC on track.

Our Process

How the engagement runs.

01

Scoping & CDE Definition

Map cardholder data flows, define CDE and connected systems.

02

Testing & Gap Closure

Segmentation test, pentests, and requirement gap remediation.

03

Evidence Pack + QSA Handover

QSA-ready evidence, ROC support, and readiness sign-off.

Deliverables

What lands in your inbox.

  • CDE scope and data-flow diagrams
  • Segmentation validation test report (Req 11.4.5/6)
  • Internal & external pentest reports (Req 11.4.1–4)
  • Requirement-by-requirement gap analysis
  • QSA-ready evidence pack

Ready to hit your PCI DSS 4.0 assessment window?

  • Senior engineers (OSCP, OSCE, CEH) — no juniors
  • Fixed-fee USD quote in 24 hours
  • NDA before scoping
  • Direct Slack/WhatsApp line to your lead engineer