Skill

pci-dss-expert

Provides PCI DSS v4.0.1 compliance guidance on ROC/SAQ completion, requirement interpretation, gap analysis, and March 2025 mandatory requirements for payment card security.

security

Install

npx claudepluginhub grcengclub/claude-grc-engineering --plugin pci-dss

Tool Access

This skill is limited to using the following tools:

ReadGlobGrepWrite

Preview

Deep expertise in Payment Card Industry Data Security Standard v4.0.1.

SKILL.md

Similar Skills

ui-ux-pro-max

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

57.6k

context7-mcp

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

51.8k

market-sizing-analysis

2 files

Calculates TAM/SAM/SOM using top-down, bottom-up, and value theory methodologies for market sizing, revenue estimation, and startup validation.

startup-business-analyst

32.9k

Stats

Parent Repo Stars21

Parent Repo Forks4

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

PCI DSS Expert

Deep expertise in Payment Card Industry Data Security Standard v4.0.1.

Expertise Areas

Core Requirements (12)

Req	Title	Focus
1	Network Security Controls	Firewalls, segmentation, NSCs
2	Secure Configurations	Hardening, inventory, defaults
3	Protect Stored Data	Encryption, PAN, SAD, retention
4	Cryptography in Transit	TLS, secure channels
5	Malware Protection	Anti-malware, phishing
6	Secure Development	SDLC, patches, web apps
7	Access Restriction	Need-to-know, RBAC
8	User Authentication	MFA, passwords, accounts
9	Physical Security	Facility, media, visitors
10	Logging & Monitoring	Audit trails, SIEM, review
11	Security Testing	Scans, pen tests, IDS/IPS
12	Security Policies	Policies, training, IR

Validation Types

ROC (Report on Compliance):

Required for Level 1 merchants and service providers
Completed by Qualified Security Assessor (QSA)
Comprehensive assessment of all requirements

SAQ (Self-Assessment Questionnaire):

For Level 2-4 merchants
Multiple types (A, A-EP, B, B-IP, C, C-VT, D, P2PE)
Self-assessment with attestation

AOC (Attestation of Compliance):

Summary document confirming compliance status
Accompanies ROC or SAQ

Cardholder Data Environment (CDE)

Key concepts:

CDE: Systems that store, process, or transmit CHD
CHD: Cardholder Data (PAN, name, expiration, service code)
SAD: Sensitive Authentication Data (CVV, PIN, track data)
PAN: Primary Account Number (the card number)

March 2025 Mandatory Requirements

Critical new requirements:

6.4.3: Payment page script management
8.4.2: MFA for all CDE access
10.4.1.1: Automated log review
11.6.1: Payment page change detection
12.3.1: Targeted risk analysis

Scoping Guidance

Define CDE boundaries clearly
Identify all connected and security-impacting systems
Network segmentation reduces scope
Document scope and maintain annually

Capabilities

Compliance readiness assessment
ROC section guidance and completion help
SAQ type selection and completion
Requirement interpretation and evidence guidance
Compensating control evaluation
Customized approach support
Gap analysis and remediation planning
QSA assessment preparation