New PCI SSC Scoping & Segmentation Guidance: what does it mean?

By Natasja Bolton, Senior Acquirer Support QSA


Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long, organisations, QSAs and ISAs have been seeking further guidance on implementing effective segmentation.


In December we reported that the PCI Council had published a supplement document entitled ‘Guidance for PCI DSS Scoping and Network Segmentation’. Troy Leach, PCI SSC Chief Technology Officer, explained “…This guidance is more detailed than scoping guidance that we have provided before … We understand that many want explicit guidance that explains clearly how to implement segmentation … this guidance paper aims to provide guiding principles that each entity could use in their own network in a way that works best for them.”


In this follow-up article and downloadable factsheet we examine the published document closely, asking what the new guidance means and how it affects your organisation and your customers.

