PCI Security Standards require penetration tests be done by a qualified 3rd party or qualified internal resource that is organizationally independent. Most organizations choose to work with outside pentesters for their expertise as well as the simplicity of scoping a project with them.
A key benefit of working with 3rd party assessors is the unique perspective that each brings, to help strengthen your security posture. While there are general standards for penetration testing, different assessors may find different results. With the complexity of network architectures, and the need to evaluate within a specific scope, opting to work with multiple vendors over time helps minimize vulnerabilities.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form