PCI DSS v4.0.1 wants proof, not a snapshot.
So does a real attacker.
PCI DSS v4.0.1 asks for internal and external penetration testing and segmentation testing across your cardholder-data environment. SpartanX supports that program with a continuous adversary that proves exploitability inside and out, and hands you the evidence. It supports your program and complements your QSA; it does not make you compliant on its own.
Internal and external testing, plus segmentation, on a defined cadence.
Requirement 11.4 of PCI DSS v4.0.1 calls for a documented penetration-testing methodology and internal and external penetration testing at least once every twelve months and after any significant change. Requirements 11.4.5 and 11.4.6 require testing that segmentation controls actually isolate the cardholder-data environment. Requirement 11.3 adds regular internal and external vulnerability scans. The v4.0.1 requirements are current and in force.
Anyone that stores, processes, or transmits cardholder data.
PCI DSS applies to merchants and service providers that handle payment card data. The cardholder-data environment, the systems connected to it, and the segmentation meant to keep everything else out are all in scope, which is exactly where an adversary looks first.
Test the CDE the way an attacker would, continuously.
Continuous coverage, and evidence that holds up.
Instead of a single annual test that ages the moment it is filed, you get continuous internal and external testing, segmentation proof, and a live evidence trail, so you are examination-ready between assessments, not just the week before one.
Support your PCI DSS v4.0.1 testing program with a continuous adversary.
See how SpartanX proves exploitability across your CDE and hands you the evidence.