PCI Segmentation Testing Requirements

0Tolerance is a listed Payment Card Industry (PCI) Qualified Security Assessor (QSA) and can help you understand the PCI Segmentation Testing requirements.

PCI Segmentation Testing Requirements

The PCI Data Security Standard (PCI DSS) is a contractual requirement set forth by the PCI Security Standards Council (PCI SSC) to protect cardholder data. It applies to any organization that stores, processes, or transmits cardholder data, regardless of the size or number of transactions. It also applies to organizations that impact the security of card transactions. The PCI DSS protects cardholder data by requiring organizations to implement security controls and best practices.  

Segmentation testing must be performed by a qualified resource free of conflict of interest with the organization.

Who needs it?

  • All Service Providers must undergo a full annual pen test that includes segmentation testing.
  • All Service Providers must undergo a second annual pen test for segmentation testing purposes (6 months from the full test).
  • Level 1 Merchants must undergo a full annual pen test that includes segmentation testing.
  • Level 2-4 Merchants completing SAQ Type A-EP must undergo external network penetration and internal network segmentation testing.
  • Level 2-4 Merchants completing SAQ Type B-IP must undergo internal network segmentation testing.
  • Level 2-4 Merchants completing SAQ Type C must undergo internal network segmentation testing.
  • Level 2-4 Merchants completing SAQ Type C-VT must undergo internal network segmentation testing.
  • Level 2-4 Merchants completing SAQ Type D must undergo external network pen testing, full internal network pen testing, and internal network segmentation testing.

PCI Merchant Requirements

PCI Service Provider Requirements

startup, business, people

QSA Services for Merchants and Service Providers

We perform the following engagements

PCI Penetration Testing

0Tolerance performs penetration testing and segmentation testing for PCI purposes.

Penetration testing 1
PCI Approved Scanning Vendor

PCI Approved Scanning Vendor

0Tolerance offers an industry-leading ASV solution that has been customized to our needs for your benefit.

We Help you Avoid costly Payment Card Breaches