PCI DSS provides several compliance validation tools, such as:
A detailed on-site compliance assessment performed by a PCI SSC-certified QSA (Qualified Security Assessor) or by a certified ISA (Internal Security Assessor). The audit is a detailed review of an organization’s card data environment that results in a RoC (Report on Compliance) and AoC (Attestation of Compliance).
A validation tool primarily used by merchants and service providers that are not required to undergo an on-site assessment, for self-evaluating their compliance with the PCI DSS.
External network vulnerability scanning performed quarterly by a PCI SSC Approved Scanning Vendor (ASV) of all Internet-facing system components that are a part of or provide a path to the cardholder data environment.