PCI DSS v4.0.1 wants you to harden the containers your card data flows through. Continuous evidence, not annual screenshots.
The pain
Your QSA arrives next quarter and asks for continuous evidence of CDE hardening. Your container scan reports are stale and live in three separate tools. Optimal ships the evidence as a product feature, refreshed on every request, branded for your audit. PCI DSS v4.0.1 ready out of the box.
What ships with the platform
Three phases of the same platform, applied to your Financial Services workloads.
// 01 · Harden
DISA STIG and CIS baselines applied to the containers in your CDE. Fix PRs against your Git with concrete Dockerfile and Helm patches.
// 02 · Verify
Continuous scan against PCI v4.0.1 Requirements 1, 2, 6, 10, 11. Drift in production raises a finding, not a quarterly surprise.
// 03 · Prove
PCI DSS v4.0.1 evidence emitter, SOC 2 evidence emitter, NYDFS-aligned audit trail. Your QSA reads a live feed.
Frameworks covered
Your compliance team is reading this. No marketing wrap. The frameworks Optimal generates evidence against, with the relevant control areas called out.
PCI DSS v4.0.1 Cardholder Data Environment hardening + Requirements 1, 2, 6, 10, 11 evidence.
SOC 2 Common Criteria + additional criteria, emitted from operational state.
ISO 27001:2022 Annex A controls mapped to scanning and hardening output.
NYDFS Part 500 Audit-trail emitter aligned to 23 NYCRR 500.06.
What stays with you
Optimal hardens, scans, and emits evidence for the containers and cloud config you operate. Your CDE definition, your QSA relationship, your business processes, and your access management remain yours. The shared responsibility matrix draws the boundary explicitly so your compliance team knows where Optimal ends and you begin.
The full shared responsibility matrix ships with the platform.