• Trustwave

    Enterprise-class PCI Services

  • Enterprise Compliance Programs Simplified

    Enterprises and service providers depend on Trustwave to establish and improve their Payment Card Industry (PCI) compliance programs and strengthen their security posture. Trustwave can help you achieve your compliance goals and build a sustainable security program.

Overview

  • Trustwave delivers industry-leading assessment services and compliance-enabling technology to enterprises and service providers that must comply with the Payment Card Industry (PCI) Data Security Standard (DSS). Trustwave Compliance Validation Service (CVS) can help you proactively manage and streamline your PCI compliance efforts and ensure the process is completed with security in mind.

Benefits

  • Trustwave is the leader in PCI consulting and compliance validation services. We have more experience than any other Qualified Security Assessor Company (QSA-C) in managing large and complex assessments. We’ll help you establish your compliance program security strategy, and simplify the way you manage compliance and risk.

    • Establish Best Practices

      Our trusted compliance and security advisors help you create a strong and strategic foundation. We also conduct and manage assessments, and deliver elite testing and remediation services.

    • Reduce Complexity

      Uniform security policies and integrated technologies are developed, deployed and delivered easily and consistently across your business.

    • Conserve Resources

      Built-in best practices and industry-leading compliance tools simplify technology deployment and reduce the time and resources you spend on achieving and maintaining compliance.

    • Improve Visibility and Control

      The TrustKeeper® portal delivers centralized, integrated and on-demand management of compliance and security programs.

    • Make Security a Priority

      Our PCI approach is designed with the security of your business in mind. We've developed the right tools - powered by managed services and technology - to help your business become secure and help you validate compliance with the PCI DSS.

How It Works

  • Whether you are a large enterprise or service provider, Trustwave offers comprehensive CVS engagements to help you achieve and continuously maintain PCI compliance.

    Your CVS engagement is delivered through the TrustKeeper portal, which provides centralized, integrated and on-demand management of compliance and security programs. TrustKeeper Compliance Manager helps you securely manage and validate your PCI DSS compliance activities. In addition, TrustKeeper Vulnerability Manager aids you in meeting external vulnerability scanning requirements.

    PCI compliance is not a snapshot in time, but a continuous process that requires well-architected security solutions, ongoing diligence and planning. Trustwave offers unmatched resources, experience and industry-leading compliance tools in guiding you through the process – from initial scheduling of your PCI review to final preparation of your Report on Compliance (ROC) and Attestation of Compliance (AOC).

    Trustwave CVS provides a dedicated team of experts to work with you, including a Qualified Security Assessor (QSA) who performs the assessment, a managing consultant who acts as your trusted advisor for our ongoing business relationship, and other experts depending on the size and complexity of your engagement. The compliance validation assessment includes five phases, ongoing quarterly business reviews and the option to add remediation services if needed.

    • Five Phases of Compliance

      Compliance validation is demonstrated and assessed in five progressive phases:

    • 1. Engagement Scoping and Discovery

      Your QSA assesses the scope of your cardholder data environment to verify all locations, applications and flows of cardholder data have been included.

    • 2. Onsite Assessment and PCI DSS Requirement Testing

      Trustwave reviews and analyzes your organization’s policies, procedures, configurations and dataflow diagrams as required for validating PCI DSS compliance. Trustwave also conducts interviews and observes systems and processes to validate your compliance.

    • 3. Draft Report on Compliance Creation

      Your QSA drafts your Report on Compliance (ROC) and Attestation of Compliance (AOC).

    • 4. Quality Assurance and Final ROC and AOC

      The Trustwave independent Quality Assurance team evaluates the reports to be sure that they accurately reflect your environment and can withstand internal and external scrutiny.

    • 5. Closeout Meetings and Delivery of Final Reports

      Completion of the process results in a written ROC to be provided to acquiring banks and an AOC which states your organization’s compliance status.

  • Ongoing Compliance Activity Review

    In addition to the assessment activities that lead to the final report on compliance, Trustwave provides quarterly Business-as-Usual (BAU) reviews throughout the contract term. The BAU reviews confirm that periodic activities such as vulnerability scans, penetration testing and log reviews are completed as required and that ongoing controls are being properly maintained.

    Gap Analysis and Remediation

    Some organizations will require a gap analysis before the compliance validation. Trustwave security consultants work with your organization to define any gaps in your PCI DSS compliance or your security posture. This can be followed by Gap Assessment Remediation to provide an action plan designed to address any compliance gaps.

    We know every organization operates differently and has different needs based on maturity in complying with standards. To learn more about Compliance Validation Service Bundles, download the data sheet.

    TrustKeeper Centralizes the Process

    Delivered through TrustKeeper, Compliance Manager provides a centralized dashboard for the management of the annual assessment process. Compliance Manager supports rich interaction with Trustwave through the compliance validation process, including:

    • Central management for compliance activities
    • Document, evidence artifact and report repositories

    Trustwave is a PCI Approved Scanning Vendor (ASV) and all CVS bundles include TrustKeeper Vulnerability Manager for Trustwave External Vulnerability Scanning (EVS). Trustwave proprietary scanning services enable your organization to meet the PCI DSS requirement for external vulnerability scanning, while providing security, support, self-scan and reporting capabilities. The CVS offering includes a defined set of external vulnerability scans as part of the subscription.

    Full Suite of PCI Services

    Trustwave is recognized by the PCI Security Standards Council as a qualified Payment Application Data Security Standard (PA-DSS) assessor, point-to-point encryption (P2PE) assessor and a PCI Forensic (PFI) investigator.

    When validating applications, our team will conduct interviews with stakeholders and thoroughly review documentation before completing functional and security testing of the application. The assessment includes technical and forensic review of the application components, transaction logs and cardholder data storage to ensure prohibited data (such as full track and card security codes) are not stored.

    Complete Trustwave Vulnerability Management Services

    Trustwave offers a full suite of Vulnerability Management services that deliver proactive scanning, testing and remediation of application, database and network vulnerabilities. With our integrated, on-demand security testing platform, you can rapidly identify and address security weaknesses, which helps you significantly reduce threats and risks to customer data, financial information, intellectual property, and more. The PCI DSS requires internal vulnerability scanning and internal and external penetration testing.

    Trustwave Managed Security Testing (MST) delivers on-demand, precision penetration testing with just a few clicks – duplicating malicious attacks against your systems. Subscribers log in to schedule web application and internal or external network. MST offers database, network and application testing. Wireless network penetration testing is also available as a separate service to help address risks inherent to your wireless infrastructure.


  • Trustwave Security Solutions Help Streamline Compliance

    Trustwave security technologies have evolved in response to customer challenges and our expertise in compliance. A business that employs security best practices with diligence will find greater efficiency throughout the compliance process. And as your validation program uncovers gaps in your business’ security, Trustwave has the right solutions to help you achieve your IT and security goals without overspending.

    • SIEM and Managed SIEM

      Log Management Enterprise (LME) addresses needs for compliance, security audits, and basic security analysis and management. Trustwave Managed SIEM services provide world-class expertise, threat intelligence, efficiency and automation otherwise unavailable to most organizations.

    • Policy and Procedure Development

      Trustwave can help you build a customized set of internal policies to protect sensitive data and help you meet your compliance requirements. Trustwave consultants conduct interviews with your key stakeholders and help develop a comprehensive set of policies for implementation within your organization.

    • Security Awareness, Training and Education

      The PCI DSS requires merchants and service providers to implement a formal security awareness program and ensure employees understand the importance of handling cardholder data securely. Trustwave Security Awareness, Training and Education courses range from secure development practices and training for technical staff to awareness geared to specific job roles. Delivered online, Trustwave Security Awareness, Training and Education is ideal for organizations that need a company-wide program to help employees stay vigilant and aware.

    • Social Engineering Testing

      As hardware and software security has become more effective, hackers are increasingly turning toward the human component as the penetrable point. Social engineering testing helps you identify vulnerabilities so you can educate your employees and prevent breaches. Trustwave experts will attempt to lure users with a fake website and phishing attempts. You will receive a detailed report that includes:

      • Which users were included in the social engineering attempts
      • Which users were susceptible to the attempts
      • Which accounts were successfully compromised

       

    • Endpoint Protection with File Integrity Monitoring

      The Trustwave Endpoint Protection Suite delivers complete defense-in-depth coverage for your users, network and data, including integrated policy enforcement, compliance management, anti-virus and anti-malware. Add-on modules include Windows log collection, application whitelisting and File Integrity Monitoring (FIM). FIM examines OS and registry file data on Windows-based POS devices, computers and servers, and alerts you to potentially risky or non-compliant activity.

    • Physical Security Assessment and Testing

      Trustwave can identify the vulnerabilities of your facilities, both externally and internally, by testing your physical security controls for technical weaknesses.


  • Support When You Need It

    Online Support

    Visit the TrustKeeper support section for contact information

    Email Support

    Fast responses to your questions, day or night. Support@trustwave.com

    Phone Support

    Available 24 hours a day, 7 days a week.
    +1 (800) 363-1621