A Single Partner for Everything You Need With more than 450 technology partners in its ecosystem, Optiv provides clients with best-in-class security technology and solutions that equip organizations to detect and manage cyber threats effectively and efficiently in today's growing attack surface. Optiv's Partner of the Year Awards recognize forward-thinking innovation, performance and growth, and unparalleled technology solutions.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
PCI DSS Compliance Management & Consulting Service PCI Consulting Expertise That Streamlines Compliance Efforts Compliance Guidance PCI DSS v4.0 Services Overview Customized Solutions Resources Contact Us What is The Difference Between PCI DSS Compliance & PCI DSS Certification? If your organization accepts, stores or transmits cardholder data (CHD), it must comply with the PCI DSS standard. This requires annual validation/proof by most merchant processors and is a way of demonstrating that your environment is secure. Based on the number of card transactions you complete annually, you’ll need a self-assessment questionnaire OR an independent onsite audit. As standards and requirements evolve, maintaining compliance and performing assessments can become a yearly struggle. PCI DSS Level 1 Merchant Requires a Report on Compliance (ROC), completed by a Qualified Security Assessor (QSA) after a PCI DSS audit PCI DSS Level 2 Merchant Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ) – there are nine different versions; the way your business handles payment card data determines the one you need PCI DSS Level 3 Merchant Requires appropriate Self-Assessment Questionnaire (SAQ) Image What Does PCI DSS Certification Require? Depending on your organization’s merchant level status (1, 2 or 3), PCI DSS Certification may be required by the PCI Council. Organizations need compliance management teams with significant PCI experience but finding staff with the requisite expertise can be daunting. Proof that your organization is doing everything it can to protect CHD Requires proper firewalls and infrastructure Hardening standards and purpose built systems Latest in data encryption Restricted cardholder data access (electronic and physical) Multi-Factor Authentication Appropriate tracking and monitoring of network resources and data Security scans and tests of technologies and processes Up-to-date antivirus software Security IT governance and executive-level management Payment Card Industry DSS v4.0 PCI Compliance Field Guide The Payment Card Industry Data Security Standard (PCI DSS) provides a baseline of technical and operational requirements to protect credit cardholder data. This field guide explains the changes in version 4.0 and helps organizations prepare for migration. Download “PCI Compliance Field Guide” for strategies on: Tracking and enforcement Penalties, fees and compliance deadlines Validation process and who needs to validate Download the Guide Image PCI DSS v4.0 – What You Need to Know PCI Compliance is about to get even more complicated. Why? PCI DSS 4.0 brings even tighter controls, customized implementation, authentication, encryption and testing frequency. PCI DSS 4.0 Transition Dates End of March 2022 PCI DSS 4.0 goes live July 2022 QSAs can begin performing 4.0 assessments March 2024 PCI DSS v3.2.1 will be retired and no longer be compliance standard Q3 2022 - Q4 2024 Implementation windows for all “evolving” controls Q1 2025 All “evolving” controls become mandatory Key PCI DSS 4.0 Changes Documented Responsibility Requirements / RACI Effective immediately for all v4.0 attestations Targeted PCI Risk Assessment Requirement* Automated phishing detection required E-Commerce Changes* Web application firewalls enforcement Tamper protection on payment pages SIEM and Manual Reviews Insufficient* Automated reviews and alerts are required Internal Vulnerability Scanning* Authenticated scanning required Data Governance* Identify all stored, processed, or transmitted cardholder data (CHD) Data loss prevention (DLP) tools and incident response plans must identify CHD outside Cardholder Data Environment (CDE) Sensitive Authentication Data* Mandatory encryption before authorization Passwords* 12-character password enforcement (previously 7) SSO passwords must be rotated every 90 days Multi-Factor Authentication (MFA) is required for all user access into the CDE What Are The Challenges of Moving to PCI DSS v4.0? PCI DSS v4.0 introduces many industry-aligning requirements and new technical controls not seen in previous versions of the standard. Image Gap Identification Addressing the unknown by identification of missing or under-addressed controls Image Strategy Planning of scope reduction strategies and PCI compliance roadmaps Assistance with remediation planning and execution Image Compliance Reporting QSA experts to complete annual onsite assessments for SAQ, ROC and ROVs Go Beyond PCI DSS Compliance “Checklists” With Optiv Optiv is a Qualified Security Assessor (QSA) PCI DSS consulting services from Optiv can help minimize the cost and complexity of building, implementing and managing a PCI DSS program. We’re an extension of your onsite compliance team: pass critical and resource-intensive tasks to our team of PCI DSS experts. We’ll minimize the burden of PCI DSS compliance while aligning security requirements, technology and business goals to manage risk cost-effectively. PCI DSS Consulting with Optiv Turn your compliance efforts into a competitive advantage, improve decision-making, enhance agility and leverage business insights. Our PCI DSS consulting services are part of our broader enterprise risk and compliance offerings that include services for standards and frameworks such as HIPAA, CCPA, GDPR, Sarbanes-Oxley, NIST CSF, ISO27001/2, cloud security compliance and more. Image Advise Through executive workshops, readiness reviews and a PCI risk assessment we will help your team be prepared for PCI compliance attestations certification. Deploy Implementing remediation plans or PCI compliance strategies can take time. Clients often find it challenging to navigate through change windows, resource time and having the right tool to ensure compliance. PCI IT governance programs aid in compliance policies, procedures and maintenance schedules to ensure PCI compliance throughout the year and preparation for compliance assessments. Operate A robust program with reporting necessary for PCI annual compliance assessments, application assessments and PCI penetration testing, and staff augmentation with expert QSAs. Learn More About Optiv’s PCI DSS Advisory Services Keeping pace with Payment Card Industry Data Security Standard (PCI DSS) compliance will require clients to follow daily, weekly, monthly, quarterly, semi-annual and annual maintenance procedures. PCI DSS has approximately 500 controls which the client will need to prove they meet each year. Optiv offers several services to help our customers meet their PCI compliance challenges. Readiness Assessment PCI Risk Assessment PCI Gap Assessment Approved Scanning Vendor (ASV) Reselling PCI and Segmentation Penetration Testing PCI QSA Retainer Solution Implementation QSA-Provided SAQ Guidance QSA Completed SAQ Report on Compliance (ROC) PCI Compliance as-a-Service Secure Software Assessment Designated Entities Supplemental Validation (DESV) or PCI Program PCI DSS Compliance Success Stories Finding Gaps and Identifying Steps to PCI Compliance An online service’s website needed a thorough review of its overall security environment to help ensure that it was compliant with PCI standards in preparation for future audits. See how the company worked with Optiv to review its current environment, help identify gaps and deficiencies and provide recommendations for remediation in this infographic. Learn more. Previous Next Achieving PCI Compliance and Protecting Customer Data A restaurant chain collecting customer data with point-of-sale (POS) systems at more than 200 locations experienced a breach and needed to remediate for PCI compliance. Though their connection to the primary data center was secure, several POS systems were compromised with data-stealing malware. Read about how the company worked with Optiv to protect its network. Learn more. Previous Next Get Customized PCI DSS Advisory Services PCI DSS is complicated. With Optiv’s PCI DSS Advisory Services, you’ll get the expertise and the confidence to: Accelerate the rollout and improvements of compliance programs. Bring compliance efforts to the next level, moving from a checklist approach to a business-aligned strategy. Enhance efforts to address risk more effectively and advance business goals. Image eBook PCI Compliance eBook Get best practices for remediation, assessments, reporting and more. Download eBook Image Service Brief PCI Compliance Checklist Consider these key items when implementing a PCI program. Download Service Brief Image White Paper Secure Payment Lifecycle Solve challenges such as data privacy, client experience and data protection. Download White Paper Related Insights Image Service Brief Payment Card Industry (PCI) Advisory Services Untangle requirements from multiple regulations. Download Service Brief Image Blog Outlining the PCI DSS v4.0 Approach Create a customized approach that suits your environment. View Blog Image Blog PCI DSS 4.0: A Primer Explore the details behind this new standard. View Blog Image Blog PCI DSS 4.0 Is Here This post features advice on how to begin preparing. View Blog Speak to an Optiv PCI Compliance Expert