
PCI-DSS 4.0

Pencheff covers the PCI-DSS v4.0 technical requirements most commonly exercised by external auditors. Use the pci-dss or compliance-full profile.

Requirements covered

Requirement        Meaning                                           Pencheff module
2.2                Secure configuration                              scan_infrastructure, scan_dockerfile, scan_kubernetes
4.1                Strong cryptography                               scan_infrastructure (SSL/TLS)
6.2                Bespoke / custom software secure development      SCA + IaC + DAST
6.5.1              Injection flaws                                   scan_injection
6.5.7              Cross-site scripting                              scan_client_side, scan_dom_xss
6.5.8              Broken access control                             scan_authz
6.5.10             Broken authentication / session mgmt              scan_auth, scan_oauth, scan_advanced
6.6                Web application firewall or code review           scan_waf
7.1 / 7.2          Access control                                    scan_authz
8.1 / 8.2 / 8.3    Strong authentication + MFA                       scan_auth, scan_mfa_bypass
11.3               Internal + external vuln scans                    scan_host_vulns, scan_network_misconfig

Report

pencheff run-policy policies/examples/pci_dss.yaml

The resulting DOCX includes a PCI-DSS 4.0 mapping table listing every requirement touched by the scan, and the findings that hit each.