PCI gap assessment

Contributor(s): Matthew Haughn

A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).

A PCI gap assessment is the first step for a merchant seeking to become PCI DSS-compliant. Gap assessments help payment card industry (PCI) merchants prepare for an on-site PCI assessment and improve the likelihood that they pass it.

PCI gap assessments are performed by security consulting companies whose teams go on-site to inspect the business and help it prepare for an on-site assessment by PCI themselves. They inspect the 12 areas of PCI DSS requirements, which are:

  1. An installed and maintained firewall.
  2. Acceptable password use.
  3. Protection of stored cardholder data.
  4. Encrypted transmission of cardholder data.
  5. Installed and functioning up-to-date antivirus software.
  6. Secure system and applications.
  7. Cardholder data must be protected from all access except on a need-to-know basis.
  8. All employees with computer access must have individual login IDs.
  9. Physical access to cardholder data must be protected.
  10. All access to network resources and cardholder data must be tracked.
  11. Security systems and processes must be regularly tested.
  12. Security policies must be maintained.

Once the assessment has been performed and the identified issues remediated, the merchant should be ready for a PCI DSS compliance assessment. Merchants of all levels must then report their compliance status to their acquiring banks.

This was last updated in June 2015
