Most merchants don’t fall short on PCI because they’re careless — they fall short because nobody ever told them which Self-Assessment Questionnaire they’re supposed to complete, or what’s actually missing before they sign it. The PCI DSS v4.0 Readiness & Gap Analysis answers both. Aegis AI™ reads how you accept cards and what your environment looks like, determines the SAQ that fits your business, and produces a per-requirement gap analysis across all 12 PCI DSS v4.0 requirements — covered, partial, or gap — with a prioritized path toward attestation.
What you get for $995
- Your applicable SAQ, determined. Based on how you actually accept cards — e-commerce, in person, phone or mail, virtual terminal, fully outsourced — we identify the SAQ type that fits (A, A-EP, B, B-IP, C, C-VT, P2PE, or D) and explain why, so you stop guessing which questionnaire your acquiring bank expects.
- Every requirement, accounted for. All 12 PCI DSS v4.0 requirements and their controls, marked covered, partial, or gap. Nothing is assumed in place — what isn’t evidenced is flagged for review, never quietly counted as passing.
- A prioritized remediation roadmap. The gaps that matter most first, by risk, with the evidence an assessor will ask you to produce for each — sequenced over 30/60/90 days.
How it runs
- Minute 0. Stripe processes the $995 payment. Welcome email with your intake link.
- Minutes 5–15. Short intake — how you accept cards, where card data flows, your environment. Optional read-only connectors (AWS, Azure, Microsoft 365, Okta, CrowdStrike) for a live-scanned upgrade, or skip and get an intake-based directional analysis.
- Hours 1–8. Aegis AI runs the analysis, generates the PDF, and emails it. That’s it. No call. No 300-question binder.
What this is not
- Not a QSA assessment. PCI validations run through Qualified Security Assessors and your acquiring bank. This is the measurement you take before they arrive.
- Not a completed SAQ or a signed AOC. The analysis prepares you to complete and sign yours — it does not certify or guarantee PCI DSS compliance, and the indicated SAQ type is a starting point to confirm against the current PCI SSC SAQ Instructions and, where applicable, your acquiring bank or QSA.
- Not legal advice. You remain responsible for your own validation and attestation.
Run yours
OFAC and Authorized Signatory certification required at intake. The service is for organizations not subject to U.S. sanctions, and the certification must be signed by an officer authorized to bind the company.
Checkout is being switched on today. If the button doesn’t open Stripe yet, email agents@ai4ciso.ai with the subject “PCI Readiness” and your secure Stripe checkout link comes back the same day.