Built for PCI DSS v4.0.1

Stop managing PCI compliance in spreadsheets.

Ankos is the compliance ledger for PCI DSS. Whether it's your first assessment or your tenth, Ankos guides you through evidence collection, organizes it by QSA categories, and exports audit-ready packages. One place for everything your QSA needs.

$ curl -sSL https://get.ankos.dev | sh

  • Cloud coverage: AWS · GCP
  • QSA categories: 31
  • Requirements: 71+
  • To first evidence: < 5m

The Problem

Your QSA sent you a spreadsheet. Sound familiar?

Every PCI assessment starts the same way: a massive Document Request List in Excel, evidence scattered across Google Drive, and Jira tickets to track who's doing what. Three systems for one process.

Without Ankos

  • DRL spreadsheet as the evidence index
  • Evidence files in Google Drive or SharePoint
  • Task tracking in Jira or email threads
  • Screenshots pasted into Google Docs
  • Weeks of manual evidence gathering
  • "Did we upload that?" every quarter

With Ankos

  • One compliance ledger — index, storage, tracking
  • Evidence organized by 31 QSA categories automatically
  • CLI auto-collects AWS evidence in seconds
  • Human-readable summaries, not raw JSON
  • Carry-forward unchanged evidence between quarters
  • Export QSA-ready package with one click

First Time Through PCI?

No prior PCI experience? No problem.

Ankos is built for teams going through PCI DSS for the first time. We'll guide you from "what is PCI?" to "here's my evidence package."

We'll scope your cycle

Answer 5 quick questions about your company — how customers pay you, where your infrastructure runs, when your assessment is. Ankos configures your ledger for your specific situation.

You don't need to know PCI yet

Every ledger entry includes plain-English guidance on what the QSA expects. No jargon, no guessing. If something doesn't apply to you, we'll help you mark it N/A with the right justification.

We'll show you where to start

Based on your answers, Ankos gives you a personalized roadmap with your top 3 priorities, assigned owners across your team, and a realistic timeline for your target assessment date.

Want to see how it works? Try the onboarding walkthrough →

The Product

Everything your PCI assessment needs

The compliance ledger replaces your spreadsheets, shared drives, and task trackers.

Compliance Ledger

Every PCI DSS requirement pre-populated and organized by the 31 QSA evidence categories.

Automated Collection

One CLI command to scan your AWS infrastructure. IAM, S3, KMS, VPC, CloudTrail, GuardDuty.

Evidence Guidance

Every entry tells you exactly what the QSA expects. No guessing, no spec hunting.

Readiness Dashboard

Track progress by category, owner, and status. See what's ready for QSA review at a glance.

Quarterly Carry-Forward

Security policies don't change every quarter. Carry forward with one-click attestation.

QSA Evidence Export

Export organized by DRL categories with QSA-standard naming. Ready for assessor review.

Team Collaboration

Invite your team. Assign ownership by category. DevOps, Security, HR — everyone in sync.

Human-Readable Evidence

Scan results processed into clear summaries with findings and guidance, not raw JSON.

CI/CD Integration

Run evidence collection in your pipeline. JSON output, exit codes, API keys included.

The Workflow

From zero to QSA-ready

Three steps. One compliance ledger. Every quarter.

01

Answer 5 quick questions

Tell Ankos how your customers pay you, where your infrastructure runs, and your team structure. In about 2 minutes, Ankos configures your ledger — scoping entries to your specific situation, marking out-of-scope items as N/A, and assigning ownership across your team. First-time teams get a personalized roadmap with top priorities and a realistic timeline.

02

Collect evidence, automatically and manually

Install the Ankos CLI and scan your AWS infrastructure. Evidence for IAM, encryption, logging, and network security flows directly into your ledger. For non-automated items, upload PDFs, screenshots, and docs with format-specific guidance.

$ ankos scan --upload
# Scans AWS, uploads evidence to your ledger entries

03

Export and hand to your QSA

When your evidence is ready, export a complete package organized by DRL categories with QSA-standard file naming, a summary PDF, and integrity hashes. Your QSA opens the package and finds every piece of evidence exactly where they expect it. Ankos prepares the case — your QSA is the judge.

Pricing

Simple, predictable pricing

Start free with the CLI. Upgrade when you need the compliance ledger.

Free CLI
Scanning and local reporting
$0 forever

  • Unlimited AWS scans
  • Terminal & JSON output
  • Remediation guidance
  • No signup required
  • CI/CD pipeline friendly

Enterprise
Coming soon

FAQ

Frequently asked questions

What is Ankos?
Ankos is a compliance ledger for PCI DSS. It replaces the spreadsheets, shared drives, and task trackers teams use to manage PCI evidence: the CLI scans your AWS infrastructure and auto-collects evidence, and the web app organizes everything by the 31 standard QSA evidence categories and exports audit-ready packages.

Ankos is not a QSA. We help your team gather, organize, and present evidence — we never declare that evidence "passes" or "fails" any requirement. That determination is made by a Qualified Security Assessor at the end of your assessment. Ankos prepares the case; your QSA is the judge.

This is our first PCI assessment. Can Ankos help?
Yes — first-time PCI teams are who benefit most from Ankos. When you sign up, a 5-question onboarding wizard configures your ledger for your specific company: it scopes out items that don't apply to you, assigns ownership across your team, and gives you a personalized "start here" roadmap. Every entry includes plain-English guidance explaining what the QSA expects. The CLI automates a significant share of evidence collection from AWS. For manual items, the guidance tells you exactly what to screenshot or upload. You go from "what is PCI?" to "here's my evidence package" without prior assessment experience — and without hiring a consultant.

Does Ankos replace my QSA?
No — and it's not trying to. Your team uses Ankos between cycles to gather and organize evidence. Your QSA performs the formal assessment, reviews the package you export, and makes the final compliance determination. The stronger your case, the faster the assessment — that's what Ankos optimizes for.

Which cloud providers are supported?
The CLI currently supports AWS with collectors for IAM, S3, KMS, VPC, CloudTrail, GuardDuty, RDS, EKS, EC2, WAF, and more. GCP support is coming soon. The compliance ledger works with any cloud provider — you can always upload evidence manually for non-AWS resources.

How does the evidence export work?
When your evidence is ready, click "Export Evidence Package" and Ankos generates a ZIP file containing a summary PDF, evidence files organized by the 31 DRL categories with standard naming conventions, and an integrity manifest. Your QSA can cross-reference the export directly against their Document Request List.

How is Ankos different from broad GRC platforms?
Most compliance platforms cover 20+ frameworks at $10,000–35,000/year. PCI is one checkbox on their feature list. Ankos is PCI-only at $1,788/year — with deeper PCI-specific features: DRL category organization, QSA evidence guidance, PCI requirement mapping, and evidence export in QSA-standard format. If you need many frameworks, use a broad platform. If you need PCI done right, use Ankos.

Your next QSA assessment starts here.

Install the CLI and start collecting evidence in under a minute. No account required.

$ curl -sSL https://get.ankos.dev | sh