Protect cardholder data and maintain PCI DSS compliance with AI-powered automation. SigmaSRC maps controls to all 12 requirements, continuously monitors your cardholder data environment, and generates evidence for QSA assessments.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all companies processing, storing, or transmitting credit card information maintain a secure environment. Developed by major card brands, it applies to any organization handling payment card data.
PCI DSS version 4.0 introduces:
| Level | Annual Transactions | Requirements |
|---|---|---|
| Level 1 | Over 6 million | Annual on-site QSA assessment |
| Level 2 | 1-6 million | Annual SAQ, quarterly scans |
| Level 3 | 20,000 - 1 million | Annual SAQ, quarterly scans |
| Level 4 | Under 20,000 | Annual SAQ recommended |
Requirement 1: Network security controls
Requirement 2: Secure configurations
Requirement 3: Protect stored data
Requirement 4: Encrypt transmissions
Requirement 5: Malware protection
Requirement 6: Secure systems
Requirement 7: Restrict access
Requirement 8: Authentication
Requirement 9: Physical access
Requirement 10: Logging
Requirement 11: Security testing
Requirement 12: Information security policy

| Requirement | SigmaSRC Controls |
|---|---|
| 1. Network Security | Firewall monitoring, segmentation |
| 2. Configurations | Baseline enforcement, drift detection |
| 3. Data Protection | Encryption verification |
| 4. Transmission | TLS monitoring, protocol enforcement |
| 5. Malware | AV verification, scan monitoring |
| 6. Secure Development | Patch tracking, vulnerability management |
| 7. Access | RBAC enforcement, access reviews |
| 8. Authentication | MFA verification, password policy |
| 9. Physical | Access logging, device tracking |
| 10. Logging | Log collection, monitoring, retention |
| 11. Testing | Scan scheduling, IDS monitoring |
| 12. Policy | Policy tracking, training verification |
Organizations processing payments often need multiple compliance certifications:
The SigmaSRC Platform provides unified compliance across all frameworks with shared controls.
PCI-DSS compliance is essential for:
Explore all industry solutions or find solutions for your organization size.
Learn more about payment security compliance:
Ready to automate your PCI-DSS compliance program?