ReddRadar
Agent skill
pci-dss-compliance-automator
PCI DSS compliance assessment and reporting for cardholder data protection, SAQ automation, and ASV scan orchestration
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/pci-dss-compliance-automator
SKILL.md
PCI DSS Compliance Automator Skill
Purpose
Automate Payment Card Industry Data Security Standard (PCI DSS) compliance activities including cardholder data environment scoping, SAQ questionnaire automation, ASV scan orchestration, control validation, and compliance reporting.
Capabilities
Cardholder Data Environment (CDE) Scoping
- Identify systems storing, processing, or transmitting cardholder data
- Map cardholder data flows
- Document network segmentation
- Identify connected and security-impacting systems
- Generate CDE scope documentation
Self-Assessment Questionnaire (SAQ) Automation
- Determine appropriate SAQ type (A, A-EP, B, B-IP, C, C-VT, D, P2PE)
- Auto-populate questionnaire responses from evidence
- Track compensating controls
- Generate SAQ submissions
ASV Scan Orchestration
- Schedule and manage ASV vulnerability scans
- Track quarterly scan requirements
- Manage scan disputes and remediation
- Aggregate scan results across environments
- Monitor passing scan status
Control Validation by Requirement
- Requirement 1: Network security controls
- Requirement 2: Secure configurations
- Requirement 3: Protect stored account data
- Requirement 4: Protect data in transit
- Requirement 5: Malware protection
- Requirement 6: Secure systems and software
- Requirement 7: Restrict access by business need
- Requirement 8: User identification and authentication
- Requirement 9: Physical access restrictions
- Requirement 10: Logging and monitoring
- Requirement 11: Security testing
- Requirement 12: Security policies
Evidence Collection
- Automated evidence gathering for each requirement
- Policy and procedure documentation
- Configuration evidence capture
- Log sample collection
- Access control evidence
Compliance Reporting
- Generate Attestation of Compliance (AOC)
- Prepare Report on Compliance (ROC) artifacts
- Create compliance dashboards
- Track compliance metrics over time
PCI DSS v4.0 Coverage
Build and Maintain Secure Network
- Req 1: Install and maintain network security controls
- Req 2: Apply secure configurations
Protect Account Data
- Req 3: Protect stored account data
- Req 4: Protect cardholder data during transmission
Maintain Vulnerability Management
- Req 5: Protect against malicious software
- Req 6: Develop and maintain secure systems
Implement Strong Access Control
- Req 7: Restrict access to system components
- Req 8: Identify users and authenticate access
- Req 9: Restrict physical access
Monitor and Test Networks
- Req 10: Log and monitor access
- Req 11: Test security regularly
Maintain Security Policy
- Req 12: Support information security with policies
Integrations
- SecurityMetrics: PCI compliance and ASV scanning
- Qualys: Vulnerability scanning and PCI compliance
- Trustwave: ASV scanning and compliance services
- PCI Council Tools: Official PCI SSC resources
- Cloud Provider Tools: AWS, Azure, GCP compliance tools
Target Processes
- PCI DSS Compliance Process
- Quarterly ASV Scanning
- Annual Assessment Preparation
- Cardholder Data Protection
Input Schema
{
"type": "object",
"properties": {
"assessmentType": {
"type": "string",
"enum": ["full", "saq", "asv", "scope", "gap"],
"description": "Type of PCI DSS assessment"
},
"merchantLevel": {
"type": "integer",
"enum": [1, 2, 3, 4],
"description": "PCI merchant level"
},
"saqType": {
"type": "string",
"enum": ["A", "A-EP", "B", "B-IP", "C", "C-VT", "D-Merchant", "D-ServiceProvider", "P2PE"],
"description": "Applicable SAQ type"
},
"cdeScope": {
"type": "object",
"properties": {
"systems": { "type": "array", "items": { "type": "string" } },
"networks": { "type": "array", "items": { "type": "string" } },
"applications": { "type": "array", "items": { "type": "string" } }
}
},
"asvTargets": {
"type": "array",
"items": { "type": "string" },
"description": "IP addresses/hostnames for ASV scanning"
},
"existingDocumentation": {
"type": "string",
"description": "Path to existing PCI documentation"
}
},
"required": ["assessmentType"]
}
Output Schema
{
"type": "object",
"properties": {
"assessmentId": {
"type": "string"
},
"assessmentType": {
"type": "string"
},
"assessmentDate": {
"type": "string",
"format": "date-time"
},
"cdeScope": {
"type": "object",
"properties": {
"inScopeSystems": { "type": "array" },
"connectedSystems": { "type": "array" },
"outOfScopeSystems": { "type": "array" },
"segmentationStatus": { "type": "string" }
}
},
"requirementStatus": {
"type": "array",
"items": {
"type": "object",
"properties": {
"requirement": { "type": "string" },
"status": { "type": "string", "enum": ["compliant", "non-compliant", "not-applicable", "compensating-control"] },
"findings": { "type": "array" },
"evidence": { "type": "array" }
}
}
},
"asvResults": {
"type": "object",
"properties": {
"scanDate": { "type": "string" },
"passingStatus": { "type": "boolean" },
"vulnerabilities": { "type": "array" },
"disputes": { "type": "array" }
}
},
"saqResponses": {
"type": "object"
},
"gapAnalysis": {
"type": "array"
},
"complianceScore": {
"type": "number"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}
Usage Example
skill: {
name: 'pci-dss-compliance-automator',
context: {
assessmentType: 'full',
merchantLevel: 2,
saqType: 'D-Merchant',
cdeScope: {
systems: ['Payment Gateway', 'POS Terminal', 'Web Store'],
networks: ['Payment VLAN', 'DMZ']
}
}
}
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?