Many companies struggle to understand and implement all of the requirements under the Payment Card Industry’s Data Security Standards (PCI DSS). In response, the PCI Council has issued a guidance document – Guidance for PCI DSS Scoping and Network Segmentation – to give merchants some practical direction.
The guidance helps companies identify systems and networks that should be included in the scope of PCI DSS analysis. Further, it offers guidance on how network segmentation can effectively reduce the number of systems that fall under the PCI DSS scope.
Some key notes from the guidance:
- Only systems that contain sensitive cardholder information, or are connected to those systems, fall under PCI DSS requirements.
- By storing less information, companies can minimize PCI DSS compliance efforts.
- By using network segmentation, companies can reduce the number of systems falling under PCI DSS requirements.
The recommendations in this document can help entities large and small understand the PCI scoping requirements and how to apply network segmentation to reduce your exposure. For any further questions on these topics, feel free to reach out to our vCISO team at firstname.lastname@example.org.