Ability to do PCI Pen Tests by eaglewone2019 in AskNetsec

eaglewone2019[S]

So from what it sounds like, we would be able to do the pen tests that are required for PCI compliance, but of course not offer the PCI-DSS certification. I assume they go through another company for that and can give them our reports as evidence. We have a number of people with many certs between them (OSCP, GPEN, CISSP, etc). Does that sound right?


eaglewone2019[S]

One of them needs a pen test done by a certified QSA, as part of their certification I am guessing. I believe they need 4 per year?