In a world of legacy tech debt failures, daily breach reports, and tapped out IT Security teams, organizations struggle to keep up with the demands and rigor of PCI DSS Compliance. 


There are so many reasons.

  • PCI fatigue
  • PCI amnesia
  • Lack of security and compliance awareness
  • Tapped out IT security and cybersecurity staff
  • Lack of PCI DSS knowledge within compliance and security teams
  • The dreaded brain drain when key personnel leave an organization
  • And the list goes on

When it comes to the critical security control area of Configuration Management, servers and assets get built and pushed into prod without personnel following configuration standards or a build checklist. Before you know it, you’ve got assets failing configuration scanning right and left. And that’s if your organization scans the cardholder data environment on a regular cadence for configuration drift.

If organizations had a Build Clean Keep Clean process that they continuously followed, they’d minimize risk and exposure from legacy tech debt, keep their systems as locked down as humanly possible, and maintain continuous PCI DSS Compliance for 16 configuration requirements as well as key requirements such as logging, patching, and vulnerability scanning.

The founders of Payment Card Assessments know all too well what it’s like to receive a scan report with over 2,000 configuration failures, a standards team that didn’t communicate changes to the scanning team, and an implementation team that had no idea what they were supposed to do to an in-scope asset before it went into production.

Payment Card Assessments

We’re excited to announce Build Clean Keep Clean: A PCA Configuration Management Workshop

In our 2-part Build Clean Keep Clean Configuration Management workshop, you’ll learn:

  1. The 5 most common errors organizations make with configuration management
  2. The basics of server hardening
  3. Why scanning is critical to this process
  4. What needs to be included in the scan report
  5. Timeline to remediate configuration drift
  6. 3 common configuration drift scenarios
  7. The benefits and value of implementing a Build Clean Keep Clean process
  8. The Build Clean Keep Clean process that every organization can adopt

As a participant in our 2-part online workshop, you’ll receive:

  1. A Zoom link upon registration and a reminder email a few days before the workshop. You’ll receive a calendar invite for both part 1 and part 2
  2. Our PCA Configuration Management Guide Book – one week before part 1 of the workshop
  3. Plenty of time for Q&A with Peggy and Lisa 
  4. Workshop recordings

Workshop Details:

This is a 2 part workshop. When you register, you are registering for both dates!!


  • Part 1 – Tuesday, January 24, 2023
  • Part 2 – Tuesday, January 31, 2023

Time: 11:30 – 12:30 PM EST (Both dates!)

Where: Online via Zoom

Your investment: $197 per person

05 Mar 2022

Seven Reasons Why Merchants Need A PCI DSS Sustainability Program

Let’s be real for a second – the report on compliance is mandatory for all level 1 merchants and any merchant regardless of level that is required to provide a report on compliance by either their acquirer or card brand. Most level 1 merchants fall out of compliance shortly after the ink is dry on their most recent report. Why? Because they don’t have a sustainability program. The RoC is treated like a bad surprise every year and that creates wasted effort, lost money, and burned out staff.

15 Sep 2023

PCI Compliance Essentials For Everyone In Your Organization

In PCI Compliance Essentials we’re dropping serious nuggets of wisdom to help organizations get everyone from system administrators, incident response handlers, billing, C-level executives and everyone else who has a piece of the PCI pie ON THE SAME PAGE and speaking THE SAME LANGUAGE.
