Pointe Solutions provides penetration testing services designed to meet PCI DSS Requirement 11.3 for internal and external testing. The service is conducted either semiannually or annually depending on entity classification, and after significant network changes. The penetration testing methodology is based on industry-accepted standards such as NIST SP 800-115. Testing covers the entire cardholder data environment perimeter and critical systems, performed both inside and outside the network. The service includes manual testing techniques beyond automated scanning. It validates network segmentation and scope-reduction controls to ensure proper isolation of systems. Application-layer testing addresses vulnerabilities from the current OWASP Top Ten list. Network-layer testing examines components supporting network functions and operating systems. The testing incorporates new threats and vulnerabilities experienced within the last 12 months to maintain current security posture assessment. The service is specifically structured to meet all requirements for PCI certification compliance.