Specifications include, but are not limited to: The Metropolitan Atlanta Rapid Transit Authority (“MARTA” or the “Authority”) is soliciting quotes from firms to audit MARTA’s Automated Fare Collection (AFC) to ensure a state of compliance for Payment Card Industry (PCI), Data Security Standard (DSS), Technical requirements for MARTA’s Information Technology;

The Contractor will use the following sample size of the AFC network to perform the PCI DSS Assessment.

I. Physical Locations
a. Corporate Office(s): 1
b. Train Stations: Up to 38
c. Data Center(s): 2

II. Technology Infrastructure
a. Information System: AFC processing network
b. Ticket Vending Machine System (“TVMS”): Up to 400
c. Internet Protocols (“IP”) Subnets in-scope: Up to 35 IP subnets;

I. PCI DSS ASSESSMENT AUDIT AND REPORTS ON COMPLIANCE (Task 1)

During this assessment, the Contractor will ensure MARTA's compliance with the following twelve (12) known PCI DSS version 3.2 requirements:

1. Maintain a Secure Network
a) Requirement 1: Install and maintain a firewall configuration to protect data.
b) Requirement 2: Do not use Contractors supplied defaults for system passwords and other security parameters.