PCI DSS 4.0 · Req 11.4 pentesting · Segmentation
PCI DSS 4.0, without surprises at the QSA visit.
We size the CDE, prove your segmentation, run the Requirement 11 pentests, and hand you a QSA-ready evidence pack. Whether you're SAQ-D or full ROC, one team owns the whole picture.
Fixed pricing in USD · NDA before scoping · Senior engineers only
What's Included
Everything you get with PCI DSS Compliance & Testing.
CDE scoping & data-flow mapping
Where cardholder data actually lives, moves, and rests.
Segmentation validation testing
Prove your CDE is segmented — Req 11.4.5 / 11.4.6.
Internal & external penetration testing
Req 11.4.1 / 11.4.2 / 11.4.3 pentests, application-layer included.
Requirement gap analysis
All 12 requirements + 4.0 additions (targeted risk analysis, customized approach).
QSA liaison support
We coordinate directly with your QSA to keep the ROC on track.
Our Process
How the engagement runs.
01
Scoping & CDE Definition
Map cardholder data flows, define CDE and connected systems.
02
Testing & Gap Closure
Segmentation test, pentests, and requirement gap remediation.
03
Evidence Pack + QSA Handover
QSA-ready evidence, ROC support, and readiness sign-off.
Deliverables
What lands in your inbox.
- CDE scope and data-flow diagrams
- Segmentation validation test report (Req 11.4.5/6)
- Internal & external pentest reports (Req 11.4.1–4)
- Requirement-by-requirement gap analysis
- QSA-ready evidence pack
Explore More