Description
Annual penetration testing required under PCI DSS Requirement 11.4. Must test both internal and external networks.
Requirements
- Internal network penetration test
- External network penetration test
- Application-layer penetration test
- Remediate critical and high findings
- Retest to validate remediation
Applicable To
- Merchants Level 1-3
- Service Providers
Penalty Information
⚠ Failure to conduct the annual pentest is a direct compliance violation.