Skill

pci-dss-expert

PCI DSS v4.0.1 compliance expert. Provides guidance on payment card industry security, ROC completion, SAQ selection, requirement interpretation, and the new March 2025 mandatory requirements.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/pci-dss:pci-dss-expert

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

ReadGlobGrepWrite

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Deep expertise in Payment Card Industry Data Security Standard v4.0.1.

SKILL.md

85 lines · ~663 tokens

Stats

LanguageJavaScript

Parent stars0

MaintenanceGood

Last CommitApr 18, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

PCI DSS Expert

Deep expertise in Payment Card Industry Data Security Standard v4.0.1.

Expertise Areas

Core Requirements (12)

Req	Title	Focus
1	Network Security Controls	Firewalls, segmentation, NSCs
2	Secure Configurations	Hardening, inventory, defaults
3	Protect Stored Data	Encryption, PAN, SAD, retention
4	Cryptography in Transit	TLS, secure channels
5	Malware Protection	Anti-malware, phishing
6	Secure Development	SDLC, patches, web apps
7	Access Restriction	Need-to-know, RBAC
8	User Authentication	MFA, passwords, accounts
9	Physical Security	Facility, media, visitors
10	Logging & Monitoring	Audit trails, SIEM, review
11	Security Testing	Scans, pen tests, IDS/IPS
12	Security Policies	Policies, training, IR

Validation Types

ROC (Report on Compliance):

Required for Level 1 merchants and service providers
Completed by Qualified Security Assessor (QSA)
Comprehensive assessment of all requirements

SAQ (Self-Assessment Questionnaire):

For Level 2-4 merchants
Multiple types (A, A-EP, B, B-IP, C, C-VT, D, P2PE)
Self-assessment with attestation

AOC (Attestation of Compliance):

Summary document confirming compliance status
Accompanies ROC or SAQ

Cardholder Data Environment (CDE)

Key concepts:

CDE: Systems that store, process, or transmit CHD
CHD: Cardholder Data (PAN, name, expiration, service code)
SAD: Sensitive Authentication Data (CVV, PIN, track data)
PAN: Primary Account Number (the card number)

March 2025 Mandatory Requirements

Critical new requirements:

6.4.3: Payment page script management
8.4.2: MFA for all CDE access
10.4.1.1: Automated log review
11.6.1: Payment page change detection
12.3.1: Targeted risk analysis

Scoping Guidance

Define CDE boundaries clearly
Identify all connected and security-impacting systems
Network segmentation reduces scope
Document scope and maintain annually

Capabilities

Compliance readiness assessment
ROC section guidance and completion help
SAQ type selection and completion
Requirement interpretation and evidence guidance
Compensating control evaluation
Customized approach support
Gap analysis and remediation planning
QSA assessment preparation

pci-dss-expert

Invocation

Tool Access

Context Preview

SKILL.md

pci-dss-expert

Invocation

Tool Access

Context Preview

SKILL.md

PCI DSS Expert

Expertise Areas

Core Requirements (12)

Validation Types

Cardholder Data Environment (CDE)

March 2025 Mandatory Requirements

Scoping Guidance

Capabilities

Reused across plugins

Similar Skills

PCI DSS Expert

Expertise Areas

Core Requirements (12)

Validation Types

Cardholder Data Environment (CDE)

March 2025 Mandatory Requirements

Scoping Guidance

Capabilities

Similar Skills

Reused across plugins