MITRE ATT&CK® is a framework for evaluating the security of organizations and cybersecurity products/services based on real-world observations of 266 techniques (attacks) tied to12 tactics (goals). The framework also provides mitigations – and this is where I wanted to see how well PCI DSS protects an entity from ATT&CK. My hypothesis is that every mitigation is found in the PCI DSS. I will present the results of my analysis and discuss key findings.