PCI DSS Compliance Checker

Assess your organization's PCI DSS compliance obligations across network security, data protection, access controls, vulnerability management, and monitoring requirements, with Self-Assessment Questionnaire (SAQ) type determination and PCI DSS v4.0.1 transition guidance.

Six Requirement Domains

Network Security (Req 1-2)

Network security controls (firewalls and equivalent filtering), network segmentation, secure system configurations, and protection of the cardholder data environment (CDE) boundary

Data Protection (Req 3-4)

Minimizing cardholder data storage, rendering stored PAN unreadable, encryption at rest and in transit, tokenization, PAN masking on display, and cryptographic key management

Vulnerability Management (Req 5-6)

Anti-malware, secure SDLC, patch management (Req 6.3.3), and payment page script inventory, authorization, and integrity assurance (Req 6.4.3)

Access Control (Req 7-9)

Need-to-know access, MFA for all access into the CDE (Req 8.4.2), physical access controls, and unique user IDs

Monitoring & Testing (Req 10-11)

Audit logging and SIEM, IDS/IPS, quarterly external scans by an Approved Scanning Vendor (ASV), internal vulnerability scanning, penetration testing, and file integrity / change-detection monitoring

Security Policies (Req 12)

Information security policy, targeted risk analysis (Req 12.3.1), training, and incident response

Standards & Programs Covered

PCI DSS v4.0.1 (all requirements mandatory, including the future-dated requirements that took effect on 31 March 2025)
Visa Cardholder Information Security Program (CISP)
Mastercard Site Data Protection (SDP)
PCI PA-DSS (Payment Application; retired in October 2022 and superseded by the PCI Software Security Framework)
PCI P2PE (Point-to-Point Encryption)
EU PSD2 Strong Customer Authentication (SCA)
PCI PIN Security Requirements
PCI 3-D Secure (3DS) Core Security Standard

Free to Use

Get an instant PCI DSS compliance assessment with specific requirement numbers, v4.0.1 changes, card brand penalties, and an actionable compliance checklist.