Conducts PCI-DSS scope assessment, SAQ selection, gap analysis, and compliance review for payment card handling systems. Provides scope diagrams, requirement status, and remediation plans.
Install the plugin with:

```bash
npx claudepluginhub melodic-software/claude-code-plugins --plugin compliance-planning
```
Conduct a comprehensive PCI-DSS scope and compliance assessment.
Load these skills:
- pci-dss-compliance - PCI requirements and SAQ guidance
- security-frameworks - Security control mapping
- data-classification - Cardholder data identification

Spawn the security-auditor agent with the following prompt:
Conduct a comprehensive PCI-DSS compliance assessment for: $ARGUMENTS
Perform the following assessments:
1. Scope Determination
- Identify all cardholder data flows
- Map the Cardholder Data Environment (CDE)
- Identify connected systems
- Evaluate scope reduction opportunities
2. SAQ Selection
- Determine appropriate SAQ type
- Validate SAQ eligibility
- Identify any disqualifying factors
3. Scope Reduction Analysis
- Tokenization opportunities
- P2PE eligibility
- Hosted payment page options
- Network segmentation assessment
4. Requirement Assessment (12 Requirements)
- Req 1-2: Network security
- Req 3-4: Cardholder data protection
- Req 5-6: Vulnerability management
- Req 7-9: Access control
- Req 10-11: Monitoring and testing
- Req 12: Security policies
5. Gap Analysis
- Compare current state to PCI DSS v4.0.1 (the future-dated v4.0 requirements have been mandatory since 31 March 2025)
- Identify non-compliant controls
- Prioritize by risk and deadline
6. Evidence Assessment
- Review documentation
- Assess scanning/testing evidence
- Identify evidence gaps
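Steps 1 and 3 above reduce to a graph problem: seed the CDE with every system that stores, processes or transmits cardholder data (plus everything sharing a network segment with it), then pull in anything that has connectivity to the CDE or provides it security services. The Python below is an added example, not code from the compliance-planning plugin or its skills; the inventory, segment names and flows are constructed for illustration, and the classification rules follow the PCI SSC scoping guidance (CDE, connected-to/security-impacting, out of scope). It recomputes scope after a tokenization-plus-segmentation change so the reduction, and what it depends on, is visible.

```python
"""PCI DSS scope computation over a system inventory and its allowed network flows.

Added example, not part of the compliance-planning plugin. Systems, segments
and flows below are constructed for illustration.
"""
from collections import deque

# Constructed inventory: name -> attributes.
#   handles_chd      : stores, processes or transmits cardholder data
#   security_service : provides security services to the CDE (SIEM, AD, AV, NTP ...)
SYSTEMS = {
    "web-frontend": {"segment": "dmz",  "handles_chd": True,  "security_service": False},
    "payment-api":  {"segment": "pay",  "handles_chd": True,  "security_service": False},
    "orders-db":    {"segment": "pay",  "handles_chd": True,  "security_service": False},
    "reporting":    {"segment": "corp", "handles_chd": False, "security_service": False},
    "hr-portal":    {"segment": "corp", "handles_chd": False, "security_service": False},
    "siem":         {"segment": "mgmt", "handles_chd": False, "security_service": True},
    "wiki":         {"segment": "corp", "handles_chd": False, "security_service": False},
}

# Constructed allowed flows (src, dst); only traffic permitted by firewall rules belongs here.
FLOWS = {
    ("web-frontend", "payment-api"),
    ("payment-api", "orders-db"),
    ("orders-db", "reporting"),
    ("reporting", "hr-portal"),
    ("payment-api", "siem"),
    ("web-frontend", "siem"),
}


def compute_scope(systems, flows):
    """Classify every system as 'CDE', 'connected' (in scope) or 'out-of-scope'."""
    # 1. CDE: anything handling CHD, plus everything on the same segment
    #    (there is no segmentation inside a segment).
    cde = {n for n, a in systems.items() if a["handles_chd"]}
    cde_segments = {systems[n]["segment"] for n in cde}
    cde |= {n for n, a in systems.items() if a["segment"] in cde_segments}

    # 2. Connected-to: anything reachable from the CDE over allowed flows,
    #    directly or via intermediate hosts (a jump host chain is still a path).
    adj = {n: set() for n in systems}
    for src, dst in flows:
        adj[src].add(dst)
        adj[dst].add(src)
    connected, seen, queue = set(), set(cde), deque(cde)
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                connected.add(nxt)
                queue.append(nxt)

    # 3. Security-impacting systems are in scope even without a flow in the table.
    connected |= {n for n, a in systems.items() if a["security_service"]} - cde
    return {n: "CDE" if n in cde else "connected" if n in connected else "out-of-scope"
            for n in systems}


def in_scope(scope):
    """Sorted names of every system that must be assessed."""
    return sorted(n for n, c in scope.items() if c != "out-of-scope")


def tokenize_and_segment(systems, flows):
    """Scope-reduction scenario: orders-db keeps TPSP tokens instead of PANs,
    is moved off the CDE segment, and its flow to reporting is removed."""
    new_systems = {n: dict(a) for n, a in systems.items()}
    new_systems["orders-db"].update(handles_chd=False, segment="app")
    new_flows = {f for f in flows if f != ("orders-db", "reporting")}
    return new_systems, new_flows


if __name__ == "__main__":
    before = compute_scope(SYSTEMS, FLOWS)
    after = compute_scope(*tokenize_and_segment(SYSTEMS, FLOWS))
    for name in SYSTEMS:
        print(f"{name:13} {before[name]:13} -> {after[name]}")
    print(f"in scope: {len(in_scope(before))} -> {len(in_scope(after))} systems")
```

Two things the run makes obvious that the step list does not: tokenization alone would not have moved orders-db out of the CDE (while it sat on the pay segment it stayed CDE by segment membership), and as long as orders-db still talked to reporting, both reporting and hr-portal stayed connected-to. The out-of-scope classification only holds once segmentation is verified by testing (Req 11.4.5), which is why step 6 asks for that evidence.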
Provide a complete PCI-DSS assessment with:
- Scope diagram and boundaries
- SAQ recommendation with justification
- Requirement-by-requirement assessment
- Prioritized remediation plan
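The SAQ determination in step 2 is reproducible only if the eligibility criteria are written down as decisions rather than judgement calls. The Python below is an added example, not part of the compliance-planning plugin or its prompt; `PaymentProfile`, its field names and the string values are assumptions made for this illustration, while the branch conditions are the published SAQ eligibility criteria (no electronic storage of cardholder data for any reduced SAQ, PCI DSS validated third parties for SAQ A and A-EP, isolation of the workstation for C-VT, terminal type for the card-present SAQs). The three scenarios from the usage examples are run through it.

```python
"""SAQ selection as a decision function over the published eligibility criteria.

Added example, not part of the compliance-planning plugin. PaymentProfile and
its field values are assumptions chosen for this illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class PaymentProfile:
    channel: str                          # "ecommerce", "moto" or "card_present"
    stores_chd_electronically: bool       # any PAN on merchant systems: DB, logs, backups, tickets
    tpsp_pci_validated: bool = True       # every third party that touches CHD is PCI DSS validated
    # card-not-present: how card data reaches the processor
    page_model: Optional[str] = None      # "tpsp_hosted" (full redirect or TPSP-served iframe),
                                          # "merchant_controlled_page" (direct post, merchant script),
                                          # "merchant_receives_chd"
    # card-present, or MOTO keyed into a virtual terminal: the entry device
    terminal: Optional[str] = None        # "p2pe_validated", "standalone_dialout", "standalone_ip",
                                          # "pos_internet_connected", "virtual_terminal"
    vt_workstation_isolated: bool = False  # C-VT: the workstation has no other network connections


CARD_PRESENT = {
    "p2pe_validated": ("P2PE", "only hardware terminals in a PCI SSC-listed P2PE solution"),
    "standalone_dialout": ("B", "imprint machines or standalone dial-out terminals only"),
    "standalone_ip": ("B-IP", "standalone PTS-approved POI devices with an IP link to the processor"),
    "pos_internet_connected": ("C", "payment application system connected to the Internet"),
}


def select_saq(p: PaymentProfile) -> Tuple[str, str]:
    """Return (SAQ type, justification). SAQ D is the fallback whenever a reduced
    SAQ's eligibility criterion is not met; each branch names the criterion so the
    report's justification section can quote it."""
    if p.stores_chd_electronically:
        return "D", "electronic storage of cardholder data disqualifies every reduced SAQ"
    if p.terminal == "virtual_terminal":
        if not p.tpsp_pci_validated:
            return "D", "SAQ C-VT requires the virtual terminal to be hosted by a PCI DSS validated TPSP"
        if p.vt_workstation_isolated:
            return "C-VT", "manual key entry into a TPSP-hosted virtual terminal from an isolated workstation"
        return "D", "virtual-terminal workstation connected to other merchant systems fails the C-VT isolation criterion"
    if p.channel in ("ecommerce", "moto"):
        if p.page_model == "tpsp_hosted":
            if not p.tpsp_pci_validated:
                return "D", "SAQ A requires every TPSP handling CHD to be PCI DSS validated"
            return "A", "all CHD functions outsourced; the payment page is delivered entirely by a validated TPSP"
        if p.channel == "ecommerce" and p.page_model == "merchant_controlled_page":
            if not p.tpsp_pci_validated:
                return "D", "SAQ A-EP requires every TPSP handling CHD to be PCI DSS validated"
            return "A-EP", "merchant site never receives CHD but controls how it is redirected or posted to the TPSP"
        return "D", "merchant systems receive, process or transmit cardholder data"
    if p.channel == "card_present" and p.terminal in CARD_PRESENT:
        return CARD_PRESENT[p.terminal]
    return "D", "no reduced SAQ eligibility criteria met"


# The three scenarios from the usage examples, as this function sees them.
SCENARIOS = {
    "e-commerce checkout using Stripe Elements":               # card fields in TPSP-served iframes
        PaymentProfile("ecommerce", False, page_model="tpsp_hosted"),
    "retail point-of-sale with P2PE terminals":
        PaymentProfile("card_present", False, terminal="p2pe_validated"),
    "custom payment processing with direct API integration":   # the merchant server sees the PAN
        PaymentProfile("ecommerce", False, page_model="merchant_receives_chd"),
}

if __name__ == "__main__":
    for name, profile in SCENARIOS.items():
        saq, why = select_saq(profile)
        print(f"{name}: SAQ {saq} ({why})")
```

The order of the checks is the point: electronic storage is tested first because a single PAN in a log file or backup moves any merchant to SAQ D regardless of channel, which is exactly the disqualifying factor step 2 asks the agent to look for.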
Usage:

```text
# Assess an e-commerce checkout
/compliance-planning:assess-pci "e-commerce checkout using Stripe Elements"

# Assess a retail POS system
/compliance-planning:assess-pci "retail point-of-sale with P2PE terminals"

# Assess a payment gateway integration
/compliance-planning:assess-pci "custom payment processing with direct API integration"
```

Ensure the report includes:
# PCI-DSS Assessment: [System Name]
## Executive Summary
### SAQ Type: [A / A-EP / B / B-IP / C / C-VT / D / P2PE]
### Overall Compliance: [COMPLIANT / PARTIAL / NON-COMPLIANT]
| Requirement | Status | Priority |
|-------------|--------|----------|
| 1. Network Security Controls | [Status] | [Priority] |
| 2. Secure Configuration | [Status] | [Priority] |
| ... | ... | ... |
| 12. Security Policies | [Status] | [Priority] |
---
## Scope Assessment
### Cardholder Data Flow
```mermaid
flowchart LR
Customer --> Website --> PaymentAPI --> Processor
```
### CDE Boundaries
| System | In Scope | Reason |
|--------|----------|--------|
### Scope Reduction Opportunities
| Opportunity | Effort | Impact | Recommendation |
|-------------|--------|--------|----------------|
---
## SAQ Determination
### Recommended SAQ: [Type]
**Justification:**
[Why this SAQ applies]
**Eligibility Confirmation:**
- [ ] Criterion 1
- [ ] Criterion 2
---
## Requirement Assessment
### Requirement 1: Network Security Controls
| Sub-Req | Description | Status | Evidence | Gap |
|---------|-------------|--------|----------|-----|
[Continue for all 12 requirements]
---
## Gap Analysis
### Critical Gaps (Block Compliance)
| Gap | Requirement | Current State | Required State | Deadline |
|-----|-------------|---------------|----------------|----------|
### High Priority Gaps
| Gap | Requirement | Current State | Required State |
|-----|-------------|---------------|----------------|
---
## PCI DSS v4.0.1 Timeline
| Requirement | Status | Deadline | Action Required |
|-------------|--------|----------|-----------------|
---
## Remediation Roadmap
### Phase 1: Critical (Blocks Compliance)
1. [Action with owner and deadline]
### Phase 2: High Priority
1. [Action]
### Phase 3: Best Practices
1. [Action]
---
## Validation Requirements
- [ ] Quarterly external vulnerability scans by an ASV, with rescans until a passing scan is achieved (Req 11.3.2)
- [ ] Annual penetration test and, where segmentation is relied on to reduce scope, annual segmentation testing (Req 11.4)
- [ ] Annual SAQ completion with a signed Attestation of Compliance (AOC)
- [ ] [Other requirements]
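Step 1 of the prompt (identify cardholder data flows) and the Requirement 3 evidence review usually begin by looking for PANs and sensitive authentication data where they should not be: application logs, support tickets, database exports. The Python below is an added example, not part of the compliance-planning plugin or its data-classification skill. It finds candidate 13 to 19 digit numbers, keeps only the Luhn-valid ones, masks them to the BIN and last four before reporting (Requirement 3.4.1, so the finding itself does not become stored CHD), and flags fields that look like CVV, track or PIN data, which Requirement 3.3.1 forbids storing after authorization. The log lines are constructed and the card numbers in them are industry test numbers, not real accounts.

```python
"""Find PANs and sensitive authentication data (SAD) in text artifacts.

Added example, not part of the compliance-planning plugin. The log lines are
constructed; the card numbers are industry test numbers, not real accounts.
"""
import re
from typing import List, Tuple

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Field names that indicate SAD (CVV/CVC/CID, full track data, PIN) followed by a value.
SAD_RE = re.compile(r"\b(cvv2?|cvc2?|cid|track[12]?|pin)\b[\"']?\s*[=:]", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation; filters out order IDs, timestamps and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Req 3.4.1: display no more than the BIN (first six here) and the last four."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_chd(line: str) -> List[Tuple[str, str]]:
    """Return [(kind, value)]: kind is 'PAN' (value masked) or 'SAD' (the field name)."""
    findings = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("PAN", mask_pan(digits)))
    for m in SAD_RE.finditer(line):
        findings.append(("SAD", m.group(1).lower()))
    return findings


def scan_log(lines) -> List[Tuple[int, str, str]]:
    """Scan lines, returning (1-based line number, kind, value) for every finding."""
    return [(n, kind, value)
            for n, line in enumerate(lines, 1)
            for kind, value in find_chd(line)]


# Constructed sample: line 1 carries a 16-digit order id (fails Luhn, so no finding),
# lines 2 and 3 leak a PAN plus SAD, line 4 is a PAN in a support note, line 5 is clean.
SAMPLE_LOG = [
    '2025-03-14T10:02:11Z payment-api INFO charge ok order=1234567890123456 amount=49.90',
    '2025-03-14T10:02:12Z payment-api DEBUG request body: {"pan":"4111 1111 1111 1111","cvv":"123"}',
    '2025-03-14T10:05:40Z web-frontend WARN validation failed card=5555-5555-5555-4444 cvc=999',
    '2025-03-14T10:07:03Z helpdesk INFO ticket 8812: customer read out 378282246310005 by phone',
    '2025-03-14T10:09:55Z payment-api INFO charge ok token=tok_visa_ending_1111 amount=12.00',
]

if __name__ == "__main__":
    for n, kind, value in scan_log(SAMPLE_LOG):
        print(f"line {n}: {kind} {value}")
```

Every hit is a scoping fact as much as a finding: the DEBUG line on payment-api and the helpdesk note each put a system that was assumed to be out of scope into the CDE, and the SAD hits are not fixable by encryption or masking, only by removing the data and the code path that wrote it.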