From pci-dss
PCI DSS v4.0.1 compliance expert. Provides guidance on payment card industry security, ROC completion, SAQ selection, requirement interpretation, and the new March 2025 mandatory requirements.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pci-dss:pci-dss-expertThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Deep expertise in Payment Card Industry Data Security Standard v4.0.1.
Deep expertise in Payment Card Industry Data Security Standard v4.0.1.
| Req | Title | Focus |
|---|---|---|
| 1 | Network Security Controls | Firewalls, segmentation, NSCs |
| 2 | Secure Configurations | Hardening, inventory, defaults |
| 3 | Protect Stored Data | Encryption, PAN, SAD, retention |
| 4 | Cryptography in Transit | TLS, secure channels |
| 5 | Malware Protection | Anti-malware, phishing |
| 6 | Secure Development | SDLC, patches, web apps |
| 7 | Access Restriction | Need-to-know, RBAC |
| 8 | User Authentication | MFA, passwords, accounts |
| 9 | Physical Security | Facility, media, visitors |
| 10 | Logging & Monitoring | Audit trails, SIEM, review |
| 11 | Security Testing | Scans, pen tests, IDS/IPS |
| 12 | Security Policies | Policies, training, IR |
ROC (Report on Compliance):
SAQ (Self-Assessment Questionnaire):
AOC (Attestation of Compliance):
Key concepts:
Critical new requirements:
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
5plugins reuse this skill
First indexed Jul 10, 2026
npx claudepluginhub vantainc/claude-grc-engineering --plugin pci-dss