Services 2018-03-14T14:16:53+00:00
PCI Services

Validation of compliance with PCI SSC standards is at the core of our business with primary focus on PCI DSS and PA-DSS validation projects.

We offer a full PCI DSS compliance service. Typically, such a service would have the following stages:

  • Scoping and Gap analysis (aka pre-assessment)
  • Remediation consultation
  • Documentation development (if needed)
  • Qualys ASV solution for external vulnerability scans
  • Internal and external penetration tests, including semi-annual segmentation tests
  • Final PCI DSS assessment (audit) resulting in the issue of a ROC + AOC or SAQ + AOC.

Our approach is oriented towards effectively achieving a positive assessment (audit) outcome, as opposed to tedious and formal repetition of the prescribed audit procedure.
All of our clients who have followed our standard approach procedures thus far have obtained PCI DSS compliant status on the first try.

Other complementary PCI DSS services are:

  • Awareness training and PCI DSS training for clients’ staff
  • IT solution (hardware and/or software) review relevant to PCI DSS compliance
  • PCI DSS network and segmentation review

Our standard PA-DSS validation process includes the following stages:

  • Initial validation and lab-testing
  • Final validation and lab-testing
  • Implementation Guide review and/or development (if needed)
  • Annual Vendor change analysis

Cognit Consult has performed a number of PA-DSS projects validating POS terminal payment applications, TMS and gateway/switching systems (aka hosts).
As with our PCI DSS service, our goal is to employ our extensive experience and knowledge of common errors and misconceptions to guide our clients down the quickest path to achieving PA-DSS compliant status.

One of Cognit Consult's founders was one of the first QSAs to obtain PCI P2PE accreditation in Europe.
We are ready to perform P2PE consultation projects at our customers’ request.

We offer the following PIN Security services:

  • Pre-audit / Gap analysis (preparation for the final assessment/audit)
  • Documentation development
Penetration Tests

Within our penetration test services we offer:

  • External penetration tests
  • Web application penetration tests
  • Internal penetration tests
  • Network segmentation tests
  • Firewall reviews and tests
  • Wireless technology penetration tests
  • Social engineering projects
  • Mobile application tests
  • Source code reviews
Consultations and Documentation

We offer various consultation services starting from PCI DSS strategy and program establishment and ending in solving daily operational challenges.

Being a small, result-oriented company, we can effectively help our customers with their ongoing questions and compliance challenges.

Another popular service in our portfolio is documentation development. Whether it is a race against time or simply a matter of not enough hands on board, we are able to help with this tedious task. We can offer a set of basic templates or develop tailor-made policy and procedural documents.

Vulnerability Scans

We are partnering with Qualys, a well-known vulnerability management vendor, to provide an ASV scanning solution.

Qualys is a certified ASV scanning vendor, adhering to PCI SSC requirements. They provide an interface that is easy to use and navigate and an option to schedule vulnerability scans. They do not limit the number of scans the end user can perform within a subscription period, and do not require any software or hardware to be deployed on the end customer's premises or infrastructure.

Scan reports are easy to read, clearly indicate whether a passing score was attained, and provide suggested solutions for issues that need addressing.
