What do I really have to do to become PCI DSS compliant?
Depending on its merchant level, the merchant will have to complete either an annual Self-Assessment Questionnaire (SAQ) or an annual on-site security audit.
For those who self-assess, we still recommend that merchants enlist the help of a Qualified Security Assessor (QSA), at least in the early stages, but this is not mandatory. On-site security audits have to be validated by a QSA.
In addition, if the merchant has an e-commerce presence, it will have to complete (and pass) quarterly network scans, which have to be validated by an Approved Scanning Vendor (ASV).
Some QSAs are also ASVs.
You can find a list of approved QSAs on the Visa site at: https://www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf
You can find a list of approved ASVs on the Visa site at: https://www.pcisecuritystandards.org/pdfs/asv_report.html