PCI Network Segmentation Penetration Testing

The purpose of PCI network segmentation penetration testing is to identify unauthorized access from out-of-scope networks to the in-scope networks that hold sensitive information such as customer cardholder data (CHD). The cardholder data environment (CDE) is a network segment that stores, processes and transmits cardholder data. Network segments help avoid congestion in the overall network and isolate crucial segments (those that hold critical data) from other segments. Every organization follows its own segmentation process and procedures as per its business requirements. Segmentation penetration testing is carried out as a requirement of industry-standard compliance frameworks such as the Payment Card Industry Data Security Standard (PCI DSS).

As per PCI guidelines, Segmentation Penetration Testing is required to be done once every year for merchants and once every six months for merchant service providers.

As per requirements, QRC is capable of performing network segmentation penetration testing both onsite and offsite.

  • In an onsite assessment, a member of the QRC security operations team conducts the assessment from a test system provided by the organization or from laptops brought into the client's environment by the QRC team.
  • An offsite assessment is conducted remotely from the QRC network by establishing VPN connectivity to the internal system and logging into test systems in the organization's internal environment, from where the internal networks are reachable.

QRC follows a testing checklist approach that ensures that every aspect of the PCI Network Segmentation Penetration Testing is tested thoroughly:


During the entire PCI network segmentation penetration test, our clients are kept up to date with the ongoing progress by means of reporting at each stage. The reporting is supposed to include the whole VLAN structure scope as well as a summary of compliance status. The phases in the process are as stated below:

  1. Introduction Phase:
    Includes scope, objective, approach and prerequisites to be followed
  2. Process Summary:
    Includes High-Level findings with visualization
  3. Technical Reporting:
    Vulnerability reporting with CVE ratings
    Mitigation recommendations
  4. Final Reporting:
    Final report disclosing the status as fixed or failed.

Network segmentation makes it more difficult for an attacker to compromise your system. The more segmented your network is, the safer it is in balancing the strategy of the business with the need to secure it. Among other benefits of PCI network segmentation penetration testing, the process helps to check the security posture of network segments from a PCI compliance point of view.

From a cybersecurity point of view, we provide a concise and comprehensive report that details whether all the necessary aspects of your network segments are as per the PCI security requirements. Our web application security testing program provides the following benefits:

  • Ensures that the Cardholder Data Environment (CDE) is always secure and has limited access from other segments of the network in accordance with the PCI DSS requirements.
  • Ensures that the Cardholder Data Environment (CDE) is only accessible from an internal network and is never exposed externally by any means.
  • Ensures that all the necessary security controls are implemented for better containment and improved security.