A PCI DSS Self Assessment is “technically” just that, a self-assessment you or your organization can undertake on your own. Great, you may be thinking, it’s just a few check the boxes and I’m done, right?
Not so fast. Many organizations that have to become PCI DSS compliant quickly run into a brick wall on the self-assessment activities because they simply lack the technical knowledge or have trouble locating specific resource in which they need.
My advice, seek the council of a Payment Card Industry Qualified Security Assessor (PCI-QSA) in helping you navigate the waters of PCI DSS Self Assessment compliance. A good PCI QSA should charge you a nominal, fair fee and will definitely give you the “pointers” you need in truly understanding the pitfalls of PCI DSS self assessment.
Keep this in mind with any PCI DSS self assessment: You need to understand certain technology and security requirements of your “cardholder environment” and you need to be able to develop policies and procedures for a number of measures.
Good luck and get compliant!