PCI DSS Scope Refresher ⤵️
1. The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment.
✅The cardholder data environment (CDE) is comprised of ‼️people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data. ‼️
✅“System components” include network devices, servers, computing devices, applications, etc.
2. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data.
❗️Furthermore, the PCI SSC Information Supplement: Guidance for PCI DSS Scoping and Network Segmentation states that the following scoping concepts always apply:
3. Systems located within the CDE are in scope, irrespective of their functionality or the reason why they are in the CDE.
4. Similarly, systems that connect to a system in the CDE are in scope, irrespective of their functionality or the reason they have connectivity to the CDE.
5. In a flat network, all systems are in scope if any single system stores, processes, or transmits account data.
✅If you’re still scratching your head about What’s In Scope For PCI DSS Assessment, give us a shout at Payment Card Assessments, LLC.
✅We’ve got a training course and step-by-step instructions to help you get your PCI Scope as accurate as possible.
#pcidss #pcidssv4