- PCI DSS mandates annual penetration testing for organizations handling cardholder data, with specific requirements for scope, methodology, and segmentation validation
- HIPAA requires risk analysis and appropriate safeguards for ePHI, with penetration testing as a recommended practice
- SOC 2 uses p