Due to numerous interpretations of Requirement 11.3, current penetration testing challenges include scope, testing methodology, and reporting inconsistencies. These challenges make it difficult for assessment groups to know that tests sufficiently meet the PCI requirement.
“It’s tiring to defend what a pen test should be,” said Gary Glover, SecurityMetrics Director of Security Assessments. “We must update the guidelines with the knowledge we’ve gleaned over the past five years to ensure merchants, service providers, QSAs, and pen test groups are all on the same page when defining a successful penetration test.”
Through case studies, templates, and best practices, the SIG will clarify information supplement documentation and provide guidance on:
· Authenticated testing conditions
· Assessment reports
· Internal and external scoping
For more information about SecurityMetrics services such as penetration testing or PCI compliance, please contact SecurityMetrics at 801.705.5656 or email@example.com.
About SecurityMetrics (http://www.securitymetrics.com)
SecurityMetrics protects electronic commerce and payments leaders, global acquirers, and their retail customers from security breaches and data theft. The company is a leading provider and innovator in merchant data security, and as an Approved Scanning Vendor and Qualified Security Assessor, has helped over 1 million organizations manage PCI DSS compliance and/or secure their network infrastructure, data communication, and other information assets. Founded in October 2000, SecurityMetrics is a privately held company headquartered in Orem, Utah, USA.