PCI Toolkit 

Whitepaper: How to Justify Your Security Assessment Budget

Penetration testing has become a standard security tool in recent years: while it was used mostly in the military and intelligence services until recently, it is now an integral part of regulations such as the Payment Card Industry Data Security Standard (PCI DSS). One topic that a lot of technical IT professionals have problems with - maybe you as well - is selling security to their non-technical management. This white paper aims to help you with this endeavor: explaining the benefits of penetration testing to the business and securing the necessary budget.

PCI DSS Compliance Guide 3.0

Negative media coverage, a loss of customer confidence, and the resulting loss in sales can cripple a business. As a result, all entities that handle credit cardholder information are being challenged to adopt more effective data protection measures. The Payment Card Industry (PCI) Data Security Standard (DSS) was created to confront the rising threat to credit cardholder personal information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving PCI compliance.

Complimentary Resources to Help You Achieve PCI Compliance


eBook: Demystifying PCI DSS - Expert Tips and Explanations to Help You Gain PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS), with its over 200 requirements, can seem like a daunting set of regulations. Nonetheless, if your organization handles any kind of credit card information, it must be PCI DSS compliant. As difficult as this can seem, you can get expert help with our new eBook: Demystifying PCI DSS: Expert Tips and Explanations to Help You Gain PCI DSS Compliance.


Compliance Dashboard: PCI DSS Compliance Dashboard

The PCI Dashboard in this toolkit has features that were included based on the previous success of Nexpose and Metasploit customers with Rapid7 along their PCI journeys. Some of these special features include:

  • An “executive summary” that shows the progress along your PCI journey
  • A severity column and graphs that automatically adjust based on implementation of the requirement and allow users to track their progress
  • Ability for the user to indicate merchant type. Once merchant type is selected, the worksheet automatically adjusts the compliance levels and requirements

In this Whiteboard Wednesday, Ethan Goldstein explains what PCI is, how to become PCI compliant, and what you should look for in a vendor. Whether you are searching for a PCI approved scanning vendor or simply trying to answer the question, "What is PCI compliance?" Rapid7 can help! Watch this video to get started.

In this Whiteboard video, Chris Kirsch will talk about penetration testing for PCI compliance. If you are a company that accepts credit card payments, you have to comply with PCI. PCI compliance requires that you perform a penetration test at least once a year and after any significant infrastructure or application upgrade. Watch this video to learn more about penetration testing for PCI compliance.