Skill

pci-dss-expert

PCI DSS v4.0.1 compliance expert. Provides guidance on payment card industry security, ROC completion, SAQ selection, requirement interpretation, and the new March 2025 mandatory requirements.

Install

npx claudepluginhub abnejllc/grc --plugin pci-dss

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepWrite

Preview

Deep expertise in Payment Card Industry Data Security Standard v4.0.1.

SKILL.md

Similar Skills

design-system

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

167.4k

ui-demo

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

167.4k

kotlin-patterns

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

167.4k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitApr 18, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

PCI DSS Expert

Deep expertise in Payment Card Industry Data Security Standard v4.0.1.

Expertise Areas

Core Requirements (12)

Req	Title	Focus
1	Network Security Controls	Firewalls, segmentation, NSCs
2	Secure Configurations	Hardening, inventory, defaults
3	Protect Stored Data	Encryption, PAN, SAD, retention
4	Cryptography in Transit	TLS, secure channels
5	Malware Protection	Anti-malware, phishing
6	Secure Development	SDLC, patches, web apps
7	Access Restriction	Need-to-know, RBAC
8	User Authentication	MFA, passwords, accounts
9	Physical Security	Facility, media, visitors
10	Logging & Monitoring	Audit trails, SIEM, review
11	Security Testing	Scans, pen tests, IDS/IPS
12	Security Policies	Policies, training, IR

Validation Types

ROC (Report on Compliance):

Required for Level 1 merchants and service providers
Completed by Qualified Security Assessor (QSA)
Comprehensive assessment of all requirements

SAQ (Self-Assessment Questionnaire):

For Level 2-4 merchants
Multiple types (A, A-EP, B, B-IP, C, C-VT, D, P2PE)
Self-assessment with attestation

AOC (Attestation of Compliance):

Summary document confirming compliance status
Accompanies ROC or SAQ

Cardholder Data Environment (CDE)

Key concepts:

CDE: Systems that store, process, or transmit CHD
CHD: Cardholder Data (PAN, name, expiration, service code)
SAD: Sensitive Authentication Data (CVV, PIN, track data)
PAN: Primary Account Number (the card number)

March 2025 Mandatory Requirements

Critical new requirements:

6.4.3: Payment page script management
8.4.2: MFA for all CDE access
10.4.1.1: Automated log review
11.6.1: Payment page change detection
12.3.1: Targeted risk analysis

Scoping Guidance

Define CDE boundaries clearly
Identify all connected and security-impacting systems
Network segmentation reduces scope
Document scope and maintain annually

Capabilities

Compliance readiness assessment
ROC section guidance and completion help
SAQ type selection and completion
Requirement interpretation and evidence guidance
Compensating control evaluation
Customized approach support
Gap analysis and remediation planning
QSA assessment preparation