A PCI DSS Gap Analysis reviews an organization’s cardholder data environment (CDE) against the latest version of the Payment Card Industry Data Security Standard (PCI DSS). In-scope systems and networks are reviewed and a detailed report is compiled, showing areas that need attention.
A PCI compliance gap analysis starts with a Qualified Security Assessor (QSA) mapping the critical information processes and technical infrastructure to determine where PCI controls have an impact on the business to:
After the assessment, your QSA will prepare a full report containing an executive summary, a detailed analysis of the status of controls, and high-level recommendations and options for remediation.
By identifying your gaps, you can:
If you are responsible for implementing the PCI DSS in your organization, you should ask yourself: