Scope is how the PCI Security Standards Council (PCI SSC) defines what parts of your environment must meet the control objectives stated within the PCI Data Security Standard (DSS). There are three components to defining PCI Scope: Storage, Processing, and Transmitting. So whatever assets store, process, or transmit payment card data are “in scope” for PCI Compliance. The best way to determine PCI Scope is to map how payment data flows throughout your environment to determine all the assets along the data flow which are subject to PCI Compliance and the DSS controls that ensure data is secured.
Network segmentation (or even micro-segmentation) is the process of separating your computing assets, either logically or physically, so cardholder data does not impact all of your network attached resources—only a limited subset.
In this eBook, you will learn: