PCI DSS v3.1 Requirements 11.3.1 and 11.3.2 states that the External penetration testing and Internal penetration testing should be performed at least annually and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).
As stated in PCI DSS Requirements 11.3.1.b and 11.3.2.b, penetration tester is not required to be a QSA or ASV, but it is important to undertake these tests by a qualified tester.
CyberAudit provides professional penetration testing services in United States and worldwide for Organizations to comply with PCI DSS requirement 11.3 (PCI penetration testing).
All our performed PCI DSS penetration testing is undertaken by a Certified Penetration Tester (Managing Director) having more than 10 years Cyber Security Audit experience in broad sector of public, financial and commercial entities worldwide, and having obtained professional certifications, such as Certified Information Systems Auditor (CISA) and Certified Ethical Hacker (CEH) v8 which are the most recognized certifications for auditing and penetration testing worldwide.
For PCI DSS requirements, go to official web site www.pcisecuritystandards.org