Summary

In this chapter, we were introduced to the Payment Card Industry Data Security Standard (PCI DSS) and its goals and requirements for organizations that must be PCI DSS-compliant. We looked at the various levels of compliance required, depending on the volume of payment card transactions processed yearly. We also learned about the importance of segmentation and its impact on PCI DSS assessments, and then moved on to a detailed look at the scoping process.

Toward the end of the chapter, we learned that only qualified and experienced professionals should be authorized to carry out PCI DSS self-assessments, and that a PCI DSS ASV must be hired to perform annual external PCI DSS assessments. Lastly, we recapped various tools from previous chapters of the book that can be used specifically to perform assessments.

In the next chapter, we take a look at tools that create reports and help us to tie together all aspects of penetration testing.
