{"slug": "junhui--awesome-pci-dss", "title": "Awesome Pci Dss", "description": "A curated list of PCI DSS–related resources: standards, SAQs, guidance, tooling, training, community, and example projects.", "github_url": "https://github.com/junhui/awesome-pci-dss", "stars": "0", "tag": "Security", "entry_count": 95, "subcategory_count": 6, "subcategories": [{"name": "General", "parent": "", "entries": [{"name": "Official Resources", "url": "#official-resources", "description": ""}, {"name": "Self-Assessment Questionnaires (SAQs)", "url": "#self-assessment-questionnaires-saqs", "description": ""}, {"name": "Tooling & Frameworks", "url": "#tooling--frameworks", "description": ""}, {"name": "Cloud Compliance", "url": "#cloud-compliance", "description": ""}, {"name": "Implementation Guides", "url": "#implementation-guides", "description": ""}, {"name": "Tools for PCI DSS 6.4.3 and 11.6.1 Compliance", "url": "#tools-for-pci-dss-643-and-1161-compliance", "description": ""}, {"name": "Policy Templates & Resources", "url": "#policy-templates--resources", "description": ""}, {"name": "API Security", "url": "#api-security", "description": ""}, {"name": "Training & Certification", "url": "#training--certification", "description": ""}, {"name": "Community & Forums", "url": "#community--forums", "description": ""}, {"name": "Example Projects", "url": "#example-projects", "description": ""}, {"name": "Books & Publications", "url": "#books--publications", "description": ""}, {"name": "Related Projects", "url": "#related-projects", "description": ""}, {"name": "Contributing", "url": "#contributing", "description": ""}, {"name": "PCI SSC Document Library", "url": "https://www.pcisecuritystandards.org/document_library", "description": "Central hub for all PCI standards and materials"}, {"name": "PCI DSS v4.0.1 Standard", "url": "https://www.pcisecuritystandards.org/document_library?document=PCI_DSS_v4", "description": "Latest release (June 2024)"}, {"name": "PCI DSS Quick Reference 
Guide", "url": "https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3.pdf", "description": "High-level overview"}, {"name": "PIN Transaction Security (PTS)", "url": "https://www.pcisecuritystandards.org/assessors_and_solutions/pin_transaction_security", "description": "Requirements for POI devices"}, {"name": "PCI SSC Blog", "url": "https://blog.pcisecuritystandards.org/", "description": "Official insights and updates"}, {"name": "SAQ A", "url": "https://www.pcisecuritystandards.org/documents/SAQ_A_v3.pdf", "description": "For fully outsourced e-commerce"}, {"name": "SAQ A-EP", "url": "https://listings.pcisecuritystandards.org/documents/PCI-DSS-v4-0-SAQ-A-EP.pdf", "description": "Partial e-commerce outsourcing"}, {"name": "SAQ D", "url": "https://listings.pcisecuritystandards.org/documents/PCI-DSS-v4-0-SAQ-D-Merchant.pdf", "description": "All other merchants and service providers"}, {"name": "ROC Template", "url": "https://www.pcisecuritystandards.org/assessors_and_solutions/report_on_compliance", "description": "For QSA assessments"}]}, {"name": "Open Source", "parent": "Tooling & Frameworks", "entries": [{"name": "Wazuh", "url": "https://documentation.wazuh.com/current/compliance/pci-dss/index.html", "description": "HIDS, log analysis, file integrity"}, {"name": "OpenControl", "url": "https://github.com/opencontrol/standards/blob/master/pci-dss.yaml", "description": "Compliance-as-code catalog"}, {"name": "Vault", "url": "https://www.vaultproject.io/", "description": "Secrets management (Req. 
3)"}, {"name": "OpenVAS", "url": "https://www.openvas.org/", "description": "Vulnerability scanning"}, {"name": "OSSEC", "url": "https://www.ossec.net/", "description": "Host-based intrusion detection"}, {"name": "Mozilla SSL Configuration Generator", "url": "https://ssl-config.mozilla.org/", "description": "TLS hardening"}]}, {"name": "Commercial", "parent": "Tooling & Frameworks", "entries": [{"name": "Qualys", "url": "https://www.qualys.com/", "description": "Vulnerability scanning, asset inventory, and PCI DSS compliance monitoring"}, {"name": "Tripwire", "url": "https://www.tripwire.com/", "description": "File integrity monitoring, security configuration management, and continuous compliance"}, {"name": "Splunk", "url": "https://www.splunk.com/", "description": "Log management, SIEM, and compliance reporting"}, {"name": "Trustwave", "url": "https://www.trustwave.com/", "description": "Managed PCI compliance services and security solutions"}, {"name": "Tenable", "url": "https://www.tenable.com/solutions/pci", "description": "Comprehensive PCI DSS compliance platform with vulnerability management"}, {"name": "SolarWinds Security Event Manager", "url": "https://www.solarwinds.com/security-event-manager", "description": "Log management, event correlation, and built-in PCI DSS reports"}, {"name": "Secureframe", "url": "https://secureframe.com/", "description": "Automated compliance management, policy enforcement, and risk assessment"}, {"name": "Drata", "url": "https://drata.com/", "description": "Compliance automation, evidence collection, and audit readiness"}, {"name": "Vanta", "url": "https://vanta.com/", "description": "Automated compliance workflows, risk assessment, and live dashboards"}, {"name": "Rapid7 InsightVM", "url": "https://www.rapid7.com/products/insightvm/", "description": "Vulnerability assessment and risk prioritization"}, {"name": "Thales CipherTrust", "url": "https://cpl.thalesgroup.com/encryption", "description": "Data encryption and 
tokenization solutions"}, {"name": "Imperva WAF", "url": "https://www.imperva.com/products/web-application-firewall-waf/", "description": "Web application firewall for protecting payment applications"}, {"name": "CyberArk", "url": "https://www.cyberark.com/", "description": "Privileged access management for secure authentication"}, {"name": "Okta", "url": "https://www.okta.com/", "description": "Identity and access management for PCI environments"}, {"name": "TokenEx", "url": "https://www.tokenex.com/", "description": "Cloud tokenization for protecting cardholder data"}, {"name": "Orca Security", "url": "https://orca.security/", "description": "Cloud compliance, vulnerability monitoring, and risk prioritization"}, {"name": "AWS Config Conformance Packs", "url": "https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss-4.html", "description": "AWS compliance templates"}, {"name": "AWS PCI DSS Level 1 FAQs", "url": "https://aws.amazon.com/compliance/pci-dss-level-1-faqs/", "description": "Cloud compliance guidance"}, {"name": "Cloud Security Alliance Guide", "url": "https://cloudsecurityalliance.org/artifacts/pci-dss-guidance/", "description": "Cloud-specific compliance"}, {"name": "Multi-Cloud Compliance", "url": "https://orca.security/resources/blog/5-best-practices-pci-dss-compliance-cloud/", "description": "Cross-cloud management"}, {"name": "NIST SP 800-53 Mapping", "url": "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final", "description": "PCI DSS control mappings"}, {"name": "OWASP Secure Coding Practices", "url": "https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/", "description": "Requirement 6 guidance"}, {"name": "SANS PCI DSS Checklist", "url": "https://www.sans.org/white-papers/32969/", "description": "Implementation checklist"}, {"name": "E-commerce Requirements", "url": 
"https://blog.pcisecuritystandards.org/coffee-with-the-council-podcast-guidance-for-pci-dss-e-commerce-requirements-effective-after-31-march-2025", "description": "Post-March 2025 guidance"}, {"name": "PylonSec", "url": "https://pylonsec.com/", "description": "Comprehensive script governance, real-time tamper detection, automated unauthorized script detection"}, {"name": "Imperva Client-Side Protection", "url": "https://www.imperva.com/products/client-side-protection-csp/", "description": "Discovers and inventories scripts, enforces authorization, verifies integrity via cryptographic hashing"}, {"name": "Feroot", "url": "https://www.feroot.com/", "description": "Script authorization, integrity verification, inventory management, real-time change detection"}, {"name": "DataDome Page Protect", "url": "https://datadome.co/products/page-protect/", "description": "Automated script discovery, inventory, authorization, integrity monitoring, real-time tamper detection"}, {"name": "SecurityMetrics Shopping Cart Monitor", "url": "https://www.securitymetrics.com/shopping-cart-monitor", "description": "Cloud-based Web Integrity Monitoring without installation or configuration"}, {"name": "Foregenix File Integrity Monitoring", "url": "https://www.foregenix.com/services/compliance-and-risk/pci-dss", "description": "Cryptographic hashing to verify and monitor script integrity"}, {"name": "SourceDefense", "url": "https://sourcedefense.com/", "description": "Script inventory, authorization, integrity monitoring with free tier for single page"}, {"name": "Visualping", "url": "https://visualping.io/", "description": "Automated change and tamper detection for payment pages, monitors content and HTTP headers"}, {"name": "CHEQ Privacy Compliance", "url": "https://www.cheq.ai/", "description": "Monitors and intercepts script requests, detects unauthorized changes"}, {"name": "Akamai Client-Side Protection", "url": "https://www.akamai.com/solutions/security/client-side-protection", 
"description": "JavaScript security, client-side script monitoring, integrity checks"}]}, {"name": "Free Templates", "parent": "Policy Templates & Resources", "entries": [{"name": "WithPCI Policy Templates", "url": "https://withpci.com/resources/templates", "description": "Comprehensive PCI DSS v4.0-aligned templates including Information Security Policy, Incident Response Plan, Change Management, and many more"}, {"name": "FRSecure PCI Policy Template", "url": "https://frsecure.com/pci-policy-template/", "description": "Comprehensive template covering account management, authentication, vendor access, and more"}, {"name": "PCI V4 Policy Templates Sample", "url": "https://pcipolicies.com/products/pci-v4-policy-templates-sample", "description": "Free sample pack including Access Control Policy, Information Security Policy, and more"}, {"name": "SecurityMetrics PCI Templates", "url": "https://www.securitymetrics.com/pci-policies", "description": "Customizable templates for firewall configuration, incident response, and security policies"}, {"name": "Strike Graph PCI DSS Policy", "url": "https://www.strikegraph.com/blog/pci-dss-policy", "description": "Robust, customizable policy template framework covering the 12 core requirements"}, {"name": "SANS Security Policy Templates", "url": "https://www.sans.org/information-security-policy/", "description": "General security policy templates that can be adapted for PCI DSS compliance"}, {"name": "paulveillard/PCI-DSS-Compliance-Toolkit", "url": "https://github.com/paulveillard/PCI-DSS-Compliance-Toolkit", "description": "Checklists, policy templates, and data flow diagram guides"}]}, {"name": "Paid Solutions", "parent": "Policy Templates & Resources", "entries": [{"name": "PCI Policies", "url": "https://pcipolicies.com/", "description": "Professional templates for merchants and service providers with 30+ documents covering all requirements"}, {"name": "IT Governance PCI DSS Documentation Toolkit", "url": 
"https://www.itgovernance.co.uk/shop/product/pci-dss-documentation-toolkit", "description": "Comprehensive toolkit created by a Qualified Security Assessor"}, {"name": "PCI Policy Portal", "url": "https://pcipolicyportal.com/", "description": "Industry-leading templates for PCI DSS compliance"}, {"name": "NordLayer PCI Compliance Templates", "url": "https://nordlayer.com/learn/pci-dss/pci-compliance-policy/", "description": "Templates tailored for cloud/hybrid environments"}]}, {"name": "Implementation Tips", "parent": "Policy Templates & Resources", "entries": [{"name": "PCI DSS v4.0 API Security Compliance", "url": "https://www.akamai.com/blog/security/meet-pci-dss-v40-api-security-compliance", "description": "Overview of new API security requirements in PCI DSS v4.0"}, {"name": "Requirement 6.2.3 Compliance", "url": "https://www.akamai.com/blog/security/meet-pci-dss-v40-api-security-compliance", "description": "Guide to implementing PCI DSS requirement 6.2.3 for secure custom application code"}, {"name": "Requirement 6.3.2 Implementation", "url": "https://www.akamai.com/blog/security/meet-pci-dss-v40-api-security-compliance", "description": "How to maintain an inventory of custom software components for vulnerability management"}, {"name": "Requirement 6.2.2 for Developers", "url": "https://www.akamai.com/blog/security/meet-pci-dss-v40-api-security-compliance", "description": "Training requirements for software development personnel working on custom software"}, {"name": "PCI SSC Training", "url": "https://www.pcisecuritystandards.org/program_training/", "description": "Official programs"}, {"name": "Cybrary: PCI DSS Practitioner", "url": "https://www.cybrary.it/course/pci-practitioner", "description": "Deep-dive modules"}, {"name": "QSA Qualification", "url": "https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors", "description": "Assessor certification"}, {"name": "Security Journey Blog", "url": 
"https://www.securityjourney.com/post/free-vs.-paid-pci-training-which-is-best-for-your-organization", "description": "Training resources"}, {"name": "r/pcicompliance", "url": "https://www.reddit.com/r/pcicompliance/", "description": "Reddit community"}, {"name": "Stack Exchange - PCI DSS", "url": "https://security.stackexchange.com/questions/tagged/pci-dss", "description": "Technical Q&A"}, {"name": "PCI DSS LinkedIn Group", "url": "https://www.linkedin.com/groups/2577511/", "description": "Professional networking"}, {"name": "PCI Perspectives", "url": "https://blog.pcisecuritystandards.org/", "description": "Official blog"}, {"name": "praiseordu/PCI-DSS-Compliance-Toolkit", "url": "https://github.com/praiseordu/PCI-DSS-Compliance-Toolkit", "description": "Compliance toolkit"}, {"name": "paulveillard/cybersecurity-pci-dss-compliance", "url": "https://github.com/paulveillard/cybersecurity-pci-dss-compliance", "description": "Best practices library"}, {"name": "captbrando/PCI-Compliance-5th-Edition", "url": "https://github.com/captbrando/PCI-Compliance-5th-Edition", "description": "Comprehensive guide"}, {"name": "AWS PCI Templates", "url": "https://github.com/strongjz/aws-pci-dss", "description": "Cloud architectures"}, {"name": "PCI DSS: A Pocket Guide", "url": "https://www.amazon.com/PCI-DSS-Pocket-Guide-Compliance/dp/1787780755", "description": "By Alan Calder"}, {"name": "Payment Card Industry Data Security Standard Handbook", "url": "https://www.amazon.com/dp/111823622X", "description": "By Branden Williams"}, {"name": "PCI Compliance, 5th Edition", "url": "https://www.amazon.com/PCI-Compliance-Fifth-Understanding-Requirements/dp/0128118938", "description": "Comprehensive guide"}, {"name": "Awesome Security", "url": "https://github.com/sbilly/awesome-security", "description": "General security resources"}, {"name": "Awesome Cybersecurity", "url": "https://github.com/fabacab/awesome-cybersecurity", "description": "Broader security topics"}]}]} |