Security governance for a resilient business

AT&T security governance programs can help you adhere to regulatory compliance and meet strategic business objectives in a cost-effective manner.

Man looking at computer in office


What security compliance can achieve for you

  • Trusted advisor 

    Trusted advisor with breadth and depth of experience across industries.

  • Comprehensive solutions

    Comprehensive and customized compliance solutions to provide a holistic support.

  • Risk management 

    Increase visibility into critical risks.

  • Actionable insights 

    Provide actionable recommendations for your enterprise security.

  • Cost-effective 

    Offers a cost-effective approach to compliance.

  • Compliance posture baseline 

    Sets an enterprise security baseline.


Combining in-depth knowledge and experience within the industry

Governance, risk, and compliance (GRC) services

Contact us for pricing

Security assessment solutions addressing information security, governance, risk management, compliance and implementation based on up-to-date frameworks for policy and security management. This service is custom tailored to meet the needs of most major industries.

Contact us

Payment Card Industry (PCI) compliance solutions

Contact us for pricing

We provide assessments and remediation consulting, program development, penetration testing and code review services that help companies address specific areas of PCI compliance and security best practices.

Contact us

Features and highlights

Security governance that fits your business requirements

Features Details
Industry standards assessments  ISO 27001 readiness and HITRUST CSF assessments.
AT&T NetBond certification Assess and certify information security program meets regulatory requirements.
Annual PCI assessments  As a PCI Qualified Security Assessor (QSA), we perform PCI assessments on an annual basis.
PCI program management Program manage PCI efforts across an organization based upon specialized knowledge and project coordination experience.
PCI education and training  Education and training to help you work toward the requirements of the PCI data security standard.
Regulatory assessments Provide a compliance posture baseline with actionable remediation measures to help sustain compliance.

Test drive the AT&T Managed Vulnerability Program

Offers vulnerability, asset and patch management as well as threat and risk prioritization in one solution.

Get started
Person using computer.


Explore more of AT&T managed cybersecurity services


The annual assessment for Payment Card Industry Data Security Standards (PCI DSS) compliance is a review of your environment, processes, and personnel against PCI standards.


We perform the assessment according to PCI specifications for the networks, servers, and databases used to transmit, store, and process credit card data.

Assessment activities include

  • Interviews
  • Examination of policies, procedures, and other relevant documentation
  • Review of key device configurations


We document the assessment results in a Report of Compliance (RoC) and an Attestation of Compliance.


As a result, you have the information you need to help provide that your environment and processes comply with PCI standards.

AT&T Cybersecurity Consulting offers a range of comprehensive, customized Payment Card Industry (PCI) consulting practice services that help merchants assess their environments and work to comply with the PCI Data Security Standard (DSS).


The PCI consulting practice services include:

  • Annual PCI Assessments—As a PCI Qualified Security Assessor (QSA), AT&T Cybersecurity Consulting performs PCI assessments, PCI readiness assessments, and PCI health checks. After conducting these onsite assessments, we provide you with compliance reports and attestations, remediation roadmaps, and periodic status checks.
  • PCI Approved Scanning Vendor (ASV)—AT&T cybersecurity consulting is a PCI ASV authorized to perform external vulnerability scans on in-scope Internet-facing infrastructure. The PCI DSS requires merchants to use an ASV for quarterly external vulnerability scans.
  • Payment Application Data Security Standard (PA DSS) Certification—AT&T Cybersecurity Consulting is an approved Payment Application Qualified Security Assessor (PA-QSA). The PCI Standards Council has made this certification mandatory for any organizations that assess payment applications developed for sale.
  • PCI Program Management—AT&T cybersecurity consulting has the project and program management experience to help manage your security governance program and coordinate PCI efforts across your enterprise.


To support your PCI-related security efforts, AT&T cybersecurity consulting also offers vulnerability scanning, penetration testing (network and application), incident response (workshops, retainers, and forensic analysis), training, forensic review, and cardholder/Personally Identifiable Information (PII) data discovery.

A Payment Application Qualified Security Assessor (PA-QSA) is a security company that the Payment Card Industry (PCI) Security Standards Council has certified to assess compliance with the PCI Payment Application Data Security Standard (PA-DSS).


The Council has made this certification mandatory for payment applications developed for sale. AT&T cybersecurity consulting is a certified PA-QSA.

We gain a strong understanding of your business model, cardholder data flows, cardholder data repositories, network architecture, and systems that support the business. This allows us to thoroughly assess your PCI compliance while we are on site and, more importantly, puts us in a position to provide strategic and tactical advice in the event that a PCI objective/control is not met.


In addition, we provide tactical advice by making recommendations to address gaps and adhere to security best practices and provide strategic advice by analyzing the root causes of any PCI-related gaps.


Our security assessors work closely with you to understand your situation and apply security best practices to your environment.

AT&T cybersecurity consulting helps you comply with U.S. state privacy laws by assessing your compliance status and then providing recommendations and remediation services.


First, we conduct a baseline assessment to determine how well your security program complies with the current, applicable U.S. state laws. Then we identify any compliance gaps and provide recommendations to eliminate them and improve your overall security posture.


In addition, we offer remediation services to help you achieve compliance with U.S. state privacy laws, including those in Massachusetts and Nevada. State privacy laws to protect sensitive and personally identifiable information are growing in number and complexity. Consequently, you may need to strengthen elements of your security program—such as incident response, breach identification and notification, and identity theft prevention—to meet these requirements.


AT&T cybersecurity consulting provides recommendations in regard to complying with certain laws. However, this should not be considered legal advice or that such recommendations will, in fact, deem an organization compliant.

AT&T cybersecurity consulting can help meet the requirements of the Gramm-Leach-Bliley Act (GLBA) with regulatory and industry standards-based assessments.


To comply with the GLBA mandate, financial institutions must identify and assess security risks, plan and implement security solutions to protect sensitive information, and establish measures to monitor and manage security systems.


AT&T cybersecurity consulting GLBA assessment services help identify immediate security concerns, prioritize gaps between your current infrastructure and the requirements for GLBA compliance, and assist in approving your overall system security posture and projected growth. Using the assessment and gap analysis, we provide you with prioritized recommendations for improving performance, mitigating risk, and working toward compliance with the requirements.

AT&T cybersecurity consulting helps you work towards the requirements of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and Health Information Trust Alliance (HITRUST) by offering regulatory and industry standards-based assessments.


Proper implementation of controls to meet the information protection requirements of HIPAA/HITECH/HITRUST has become increasingly urgent following recent reports of health record data breaches and the transformation of healthcare industry data practices and requirements. Our assessments help benchmark security and privacy security posture. In addition, we provide insight on how to improve existing compliance controls and manage organizational information risks.


Our assessments typically include information gathering via stakeholder interviews, review of existing controls, gap analysis, and providing recommendations.


As a result, you can get the help you need to work toward compliance with these important regulations.

Request info

To get sales help from a Business Solutions specialist, please complete this form.
RAI Form

Thank you

Thank you for contacting us about Security Compliance. An AT&T Representative will contact you shortly to provide any additional information and answer any questions.

RAI Form Anchor

Your feedback will help us to improve AT&T Business so you continue to have a great experience when visiting us!

This survey is conducted by an independent company ForeSee for AT&T.

Yes, I’ll give feedback!