pci-dss-compliance-mcp

MCP server for PCI DSS v4.0 compliance — browse requirements, assess compliance readiness, generate policies, evidence checklists, and gap analysis for organizations handling payment card data.

Tools

| Tool | Description | |------|-------------| | browse_requirements | Browse PCI DSS v4.0 requirements by family (1-12), priority, SAQ type, or keyword search | | assess_readiness | Score your compliance readiness based on implemented requirements, with per-family breakdown | | generate_policy | Generate policy templates for specific PCI DSS requirements with customizable organization details | | gap_analysis | Identify missing requirements with prioritized remediation roadmap and effort estimates | | evidence_template | Generate evidence collection templates for QSA assessments and audits | | saq_guide | Determine which Self-Assessment Questionnaire (SAQ) type applies to your business |

Coverage

All 12 PCI DSS v4.0 requirement families:

1. Install and Maintain Network Security Controls
2. Apply Secure Configurations to All System Components
3. Protect Stored Account Data
4. Protect Cardholder Data with Strong Cryptography During Transmission
5. Protect All Systems and Networks from Malicious Software
6. Develop and Maintain Secure Systems and Software
7. Restrict Access to System Components and Cardholder Data by Business Need to Know
8. Identify Users and Authenticate Access to System Components
9. Restrict Physical Access to Cardholder Data
10. Log and Monitor All Access to System Components and Cardholder Data
11. Test Security of Systems and Networks Regularly
12. Support Information Security with Organizational Policies and Programs

Installation

npx pci-dss-compliance-mcp

Or install globally:

npm install -g pci-dss-compliance-mcp

Usage with Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "pci-dss-compliance": {
      "command": "npx",
      "args": ["-y", "pci-dss-compliance-mcp"]
    }
  }
}

Usage with VS Code

Add to your .vscode/mcp.json:

{
  "servers": {
    "pci-dss-compliance": {
      "command": "npx",
      "args": ["-y", "pci-dss-compliance-mcp"]
    }
  }
}

Examples

Browse requirements by family

Use browse_requirements with family: 3

Browse critical requirements

Use browse_requirements with priority: "critical"

Search requirements by keyword

Use browse_requirements with keyword: "encryption"

Assess compliance readiness

Use assess_readiness with implementedRequirements: ["1.1", "1.2", "2.1", "3.1", "3.2", "8.1", "8.3"]

Generate a policy

Use generate_policy with requirementId: "3.4", organizationName: "Acme Payments"

Gap analysis with timeline

Use gap_analysis with implementedRequirements: ["1.1", "2.1", "8.1"], targetDate: "2026-12-01", teamSize: "small"

Evidence template for QSA

Use evidence_template with requirementId: "3.4", format: "qsa_assessment"

Determine SAQ type

Use saq_guide with acceptsCards: true, ecommerce: true, redirectsToPaymentPage: true, storesCardData: false

License

MIT

Links

• Full PCI DSS compliance platform: ComplianceIQ
• npm: pci-dss-compliance-mcp