Educause Security Discussion mailing list archives

PCI network compliance consultants


From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Fri, 9 Sep 2011 15:23:36 -0400

Colleagues-

I'm wondering if anyone has had experience or could recommend a
vendor/consulting firm that provides expertise on (re)designing our
campus infrastructure to be "PCI compliant". I put that in quotes
because the exact scope and definition of PCI compliance as it relates
to the underlying network architecture is a bit of a gray area, to put
it mildly.

With the more recent revisions to the PCI DSS security standards there
has been an increased focus on the network architecture itself, i.e.
step 1 of the '12 steps' of compliance that deal primarily with ensuring
proper business practices and user actions.

Rather than a traditional audit of existing applications and university
data handling policies, I'm really looking for more technical network
design advice as it relates to supporting PCI compliant applications and
devices. In other words, a consulting firm that can address all of the
details involved in PCI-DSS step #1 "Build and maintain a secure
network" so that our definition of a 'secure network' aligns with the
Payment Card Industry's definition.

Thanks,

Jeff Giacobbe
Assistant Vice President Enterprise Technology Services
Montclair State University

