be_ixf;ym_202002 d_17; ct_50

Security governance for a resilient business

AT&T security governance programs can help you adhere to regulatory compliance and meet strategic business objectives in a cost-effective manner.

Benefits

What security compliance can achieve for you

Trusted advisor

Trusted advisor with breadth and depth of experience across industries.

Risk management

Increase visibility into critical risks.

Cost-effective

Offers a cost-effective approach to compliance.

Comprehensive solutions

Comprehensive and customized compliance solutions to provide a holistic support.

Actionable insights

Provide actionable recommendations for your enterprise security.

Compliance posture baseline

Sets an enterprise security baseline.

Plans

Combining in-depth knowledge and experience within the industry

Governance, risk, and compliance (GRC) services

Security assessment solutions addressing information security, governance, risk management, compliance and implementation based on up-to-date frameworks for policy and security management. This service is custom tailored to meet the needs of most major industries.

Contact us for pricing

Contact us

Payment Card Industry (PCI) compliance solutions

We provide assessments and remediation consulting, program development, penetration testing and code review services that help companies address specific areas of PCI compliance and security best practices.

 

Contact us for pricing

Contact us

Features and highlights

Security governance that fits your business requirements

Features

Details

Industry standards assessments  ISO 27001 readiness and HITRUST CSF assessments.
AT&T NetBond certification Assess and certify information security program meets regulatory requirements.
Annual PCI assessments  As a PCI Qualified Security Assessor (QSA), we perform PCI assessments on an annual basis.
PCI program management Program manage PCI efforts across an organization based upon specialized knowledge and project coordination experience.
PCI education and training  Education and training to help you work toward the requirements of the PCI data security standard.
Regulatory assessments Provide a compliance posture baseline with actionable remediation measures to help sustain compliance.

Resources

Explore more of AT&T managed cybersecurity services

Solution Brief

Tailored solutions to help meet your governance, risk and compliance goals (PDF).

Solution Brief

Security solutions for Payment Card Industry (PCI) compliance to help protect your cardholder data (PDF).

FAQ

What is the annual assessment for Payment Card Industry Data Security Standards (PCI DSS) compliance?

The annual assessment for Payment Card Industry Data Security Standards (PCI DSS) compliance is a review of your environment, processes, and personnel against PCI standards.

We perform the assessment according to PCI specifications for the networks, servers, and databases used to transmit, store, and process credit card data.

Assessment activities include

  • Interviews
  • Examination of policies, procedures, and other relevant documentation
  • Review of key device configurations

We document the assessment results in a Report of Compliance (RoC) and an Attestation of Compliance.

As a result, you have the information you need to help provide that your environment and processes comply with PCI standards.

What payment card industry (PCI) consulting practice services does AT&T Cybersecurity Consulting offer?

AT&T Cybersecurity Consulting offers a range of comprehensive, customized Payment Card Industry (PCI) consulting practice services that help merchants assess their environments and work to comply with the PCI Data Security Standard (DSS).

The PCI consulting practice services include:

  • Annual PCI Assessments—As a PCI Qualified Security Assessor (QSA), AT&T Cybersecurity Consulting performs PCI assessments, PCI readiness assessments, and PCI health checks. After conducting these onsite assessments, we provide you with compliance reports and attestations, remediation roadmaps, and periodic status checks.
  • PCI Approved Scanning Vendor (ASV)—AT&T cybersecurity consulting is a PCI ASV authorized to perform external vulnerability scans on in-scope Internet-facing infrastructure. The PCI DSS requires merchants to use an ASV for quarterly external vulnerability scans.
  • Payment Application Data Security Standard (PA DSS) Certification—AT&T Cybersecurity Consulting is an approved Payment Application Qualified Security Assessor (PA-QSA). The PCI Standards Council has made this certification mandatory for any organizations that assess payment applications developed for sale.
  • PCI Program Management—AT&T cybersecurity consulting has the project and program management experience to help manage your security governance program and coordinate PCI efforts across your enterprise.

To support your PCI-related security efforts, AT&T cybersecurity consulting also offers vulnerability scanning, penetration testing (network and application), incident response (workshops, retainers, and forensic analysis), training, forensic review, and cardholder/Personally Identifiable Information (PII) data discovery.

What is a Payment Application Qualified Security Assessor (PA-QSA)?

A Payment Application Qualified Security Assessor (PA-QSA) is a security company that the Payment Card Industry (PCI) Security Standards Council has certified to assess compliance with the PCI Payment Application Data Security Standard (PA-DSS).

The Council has made this certification mandatory for payment applications developed for sale. AT&T cybersecurity consulting is a certified PA-QSA.

What is AT&T cybersecurity consulting's methodology for its Payment Card Industry (PCI) consulting practice?

We gain a strong understanding of your business model, cardholder data flows, cardholder data repositories, network architecture, and systems that support the business. This allows us to thoroughly assess your PCI compliance while we are on site and, more importantly, puts us in a position to provide strategic and tactical advice in the event that a PCI objective/control is not met.

In addition, we provide tactical advice by making recommendations to address gaps and adhere to security best practices and provide strategic advice by analyzing the root causes of any PCI-related gaps.

Our security assessors work closely with you to understand your situation and apply security best practices to your environment.

How does AT&T cybersecurity consulting help us comply with U.S. state privacy laws?

AT&T cybersecurity consulting helps you comply with U.S. state privacy laws by assessing your compliance status and then providing recommendations and remediation services.

First, we conduct a baseline assessment to determine how well your security program complies with the current, applicable U.S. state laws. Then we identify any compliance gaps and provide recommendations to eliminate them and improve your overall security posture.

In addition, we offer remediation services to help you achieve compliance with U.S. state privacy laws, including those in Massachusetts and Nevada. State privacy laws to protect sensitive and personally identifiable information are growing in number and complexity. Consequently, you may need to strengthen elements of your security program—such as incident response, breach identification and notification, and identity theft prevention—to meet these requirements.

AT&T cybersecurity consulting provides recommendations in regard to complying with certain laws. However, this should not be considered legal advice or that such recommendations will, in fact, deem an organization compliant.

How can AT&T cybersecurity consulting help us meet the requirements of the Gramm-Leach-Bliley Act (GLBA)?

AT&T cybersecurity consulting can help meet the requirements of the Gramm-Leach-Bliley Act (GLBA) with regulatory and industry standards-based assessments.

To comply with the GLBA mandate, financial institutions must identify and assess security risks, plan and implement security solutions to protect sensitive information, and establish measures to monitor and manage security systems.

AT&T cybersecurity consulting GLBA assessment services help identify immediate security concerns, prioritize gaps between your current infrastructure and the requirements for GLBA compliance, and assist in approving your overall system security posture and projected growth. Using the assessment and gap analysis, we provide you with prioritized recommendations for improving performance, mitigating risk, and working toward compliance with the requirements.

How does AT&T cybersecurity consulting help us meet the requirements of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and Health Information Trust Alliance (HIT

AT&T cybersecurity consulting helps you work towards the requirements of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), and Health Information Trust Alliance (HITRUST) by offering regulatory and industry standards-based assessments.

Proper implementation of controls to meet the information protection requirements of HIPAA/HITECH/HITRUST has become increasingly urgent following recent reports of health record data breaches and the transformation of healthcare industry data practices and requirements. Our assessments help benchmark security and privacy security posture. In addition, we provide insight on how to improve existing compliance controls and manage organizational information risks.

Our assessments typically include information gathering via stakeholder interviews, review of existing controls, gap analysis, and providing recommendations.

As a result, you can get the help you need to work toward compliance with these important regulations.

Request info