Security governance for a resilient business

The annual assessment for Payment Card Industry Data Security Standards (PCI DSS) compliance is a review of your environment, processes, and personnel against PCI standards.

We perform the assessment according to PCI specifications for the networks, servers, and databases used to transmit, store, and process credit card data.

Assessment activities include

• Interviews
• Examination of policies, procedures, and other relevant documentation
• Review of key device configurations

We document the assessment results in a Report of Compliance (RoC) and an Attestation of Compliance.

As a result, you have the information you need to help provide that your environment and processes comply with PCI standards.

AT&T Cybersecurity Consulting offers a range of comprehensive, customized Payment Card Industry (PCI) consulting practice services that help merchants assess their environments and work to comply with the PCI Data Security Standard (DSS).

The PCI consulting practice services include:

• Annual PCI Assessments—As a PCI Qualified Security Assessor (QSA), AT&T Cybersecurity Consulting performs PCI assessments, PCI readiness assessments, and PCI health checks. After conducting these onsite assessments, we provide you with compliance reports and attestations, remediation roadmaps, and periodic status checks.
• PCI Approved Scanning Vendor (ASV)—AT&T cybersecurity consulting is a PCI ASV authorized to perform external vulnerability scans on in-scope Internet-facing infrastructure. The PCI DSS requires merchants to use an ASV for quarterly external vulnerability scans.
• Payment Application Data Security Standard (PA DSS) Certification—AT&T Cybersecurity Consulting is an approved Payment Application Qualified Security Assessor (PA-QSA). The PCI Standards Council has made this certification mandatory for any organizations that assess payment applications developed for sale.
• PCI Program Management—AT&T cybersecurity consulting has the project and program management experience to help manage your security governance program and coordinate PCI efforts across your enterprise.

To support your PCI-related security efforts, AT&T cybersecurity consulting also offers vulnerability scanning, penetration testing (network and application), incident response (workshops, retainers, and forensic analysis), training, forensic review, and cardholder/Personally Identifiable Information (PII) data discovery.

A Payment Application Qualified Security Assessor (PA-QSA) is a security company that the Payment Card Industry (PCI) Security Standards Council has certified to assess compliance with the PCI Payment Application Data Security Standard (PA-DSS).

The Council has made this certification mandatory for payment applications developed for sale. AT&T cybersecurity consulting is a certified PA-QSA.

We gain a strong understanding of your business model, cardholder data flows, cardholder data repositories, network architecture, and systems that support the business. This allows us to thoroughly assess your PCI compliance while we are on site and, more importantly, puts us in a position to provide strategic and tactical advice in the event that a PCI objective/control is not met.

In addition, we provide tactical advice by making recommendations to address gaps and adhere to security best practices and provide strategic advice by analyzing the root causes of any PCI-related gaps.

Our security assessors work closely with you to understand your situation and apply security best practices to your environment.

AT&T cybersecurity consulting helps you comply with U.S. state privacy laws by assessing your compliance status and then providing recommendations and remediation services.

First, we conduct a baseline assessment to determine how well your security program complies with the current, applicable U.S. state laws. Then we identify any compliance gaps and provide recommendations to eliminate them and improve your overall security posture.

In addition, we offer remediation services to help you achieve compliance with U.S. state privacy laws, including those in Massachusetts and Nevada. State privacy laws to protect sensitive and personally identifiable information are growing in number and complexity. Consequently, you may need to strengthen elements of your security program—such as incident response, breach identification and notification, and identity theft prevention—to meet these requirements.

AT&T cybersecurity consulting provides recommendations in regard to complying with certain laws. However, this should not be considered legal advice or that such recommendations will, in fact, deem an organization compliant.

AT&T cybersecurity consulting can help meet the requirements of the Gramm-Leach-Bliley Act (GLBA) with regulatory and industry standards-based assessments.

To comply with the GLBA mandate, financial institutions must identify and assess security risks, plan and implement security solutions to protect sensitive information, and establish measures to monitor and manage security systems.

AT&T cybersecurity consulting GLBA assessment services help identify immediate security concerns, prioritize gaps between your current infrastructure and the requirements for GLBA compliance, and assist in approving your overall system security posture and projected growth. Using the assessment and gap analysis, we provide you with prioritized recommendations for improving performance, mitigating risk, and working toward compliance with the requirements.

AT&T cybersecurity consulting helps you work towards the requirements of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and Health Information Trust Alliance (HITRUST) by offering regulatory and industry standards-based assessments.

Proper implementation of controls to meet the information protection requirements of HIPAA/HITECH/HITRUST has become increasingly urgent following recent reports of health record data breaches and the transformation of healthcare industry data practices and requirements. Our assessments help benchmark security and privacy security posture. In addition, we provide insight on how to improve existing compliance controls and manage organizational information risks.

Our assessments typically include information gathering via stakeholder interviews, review of existing controls, gap analysis, and providing recommendations.

As a result, you can get the help you need to work toward compliance with these important regulations.