A live look at where your cipher suites and protocols stand against PCI DSS 12.3.3 — scanned from your real domain, right now. Then the QSA-ready evidence pack you'd receive, and how a two-week engagement works.
PCI DSS 4.0.1 Requirement 12.3.3, mandatory since March 2025, requires a documented, annually reviewed inventory of every cipher suite and protocol you run, with anything weak or deprecated flagged. The usual answer is a spreadsheet rebuilt by hand before each audit, already stale, with no proof it matches what's actually running across your code, configs, and live endpoints.
An up-to-date inventory of every cipher suite & protocol in use.
Re-confirmed at least every 12 months, with deprecated crypto tracked.
Code, configuration, and live TLS — partial coverage is where audits stall.
Type your domain. CipherM connects to your live TLS endpoint and maps exactly what it negotiates — protocol, cipher suite, forward secrecy, certificate strength, and whether early TLS is still accepted — scored against PCI DSS 12.3.3 in seconds. (This is the live-TLS surface; the full assessment also reads code & config.)
Reads only the public TLS handshake on port 443. No login, no data stored.
The live scan is the surface. A Rapid Assessment scans your code, configs, and live TLS together and produces the full inventory: a CycloneDX CBOM plus a human-readable, control-by-control 12.3.3 evidence pack with a CISO summary and remediation plan — the exact artifact your assessor signs off.
We scan your source, configuration, and live TLS, and review your certificate and KMS posture by hand.
You get a CycloneDX CBOM, a 12.3.3 evidence pack mapped control-by-control, a CISO summary, and a prioritized remediation plan.
$5,000–$8,000 by scope. No quote-only games, no open-ended retainer, no six-month enterprise cycle. One founder call each week.
We'll scope it on a 20-minute call and have your evidence pack back in two weeks.