Payment Card Industry PCI Compliance | Understanding the SCOPE of a PCI DSS Assessment.
March 8, 2009
Payment Card Industry PCI Compliance and Scope. A grey area that could use much clarification regarding the Payment Card Industry Data Security Standard, known to many simply as PCI DSS, is understanding what the scope of a PCI DSS assessment actually is. According to the standard, scope is defined by the cardholder data environment (CDE): the systems, processes and people that store, process or transmit cardholder data. The assessment is limited to the CDE only IF adequate network segmentation isolates it from the rest of the network.
In essence, if you have carved out and isolated the cardholder data environment, then that environment is the scope. If, however, the cardholder data environment is meshed into your overall network, the scope grows substantially.
Why? Because if you (that is, any entity that stores, processes or transmits cardholder data) cannot confirm and demonstrate that the cardholder data environment is isolated, an assessment for PCI DSS compliance will include every system component with connectivity to that environment, and on a flat network that means the whole network. Segmentation is not itself a PCI DSS requirement, but without it, or with segmentation that has not been verified, there is no basis for excluding anything from the assessment.
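To make the scoping effect concrete, the following is an added example written for this page; it is not from the original post or from NDB Advisory. It takes a hypothetical list of network segments, the segments that make up the CDE, and the firewall permit rules between segments, and works out which segments are in scope: the CDE itself plus any segment that can send traffic to it or receive traffic from it. The segment names, the `Rule` format and the `any` wildcard are assumptions for illustration; a real exercise would derive the rules from the actual firewall configuration and then verify them with segmentation testing.

```python
"""Toy PCI DSS scoping aid (added example, not code from the original post).

Given network segments, the CDE segments, and firewall permit rules, report
which segments fall into scope and which rule pulled each one in. A permit
rule with the wildcard "any" on either side models a flat, unsegmented network.
"""
from dataclasses import dataclass

ANY = "any"  # hypothetical wildcard meaning "every segment" in a permit rule


@dataclass(frozen=True)
class Rule:
    """One firewall permit rule from a source segment to a destination segment."""
    src: str
    dst: str


def scope_report(segments, cde, rules):
    """Map each in-scope segment to the reasons it is in scope.

    A segment is in scope if it is part of the CDE, or if some permit rule
    allows traffic between it and a CDE segment in either direction
    (a "connected-to" system). Connectivity is deliberately not followed
    transitively: a segment that only reaches a connected-to segment is not
    automatically in scope, which matches the idea that segmentation limits scope.
    """
    segments = set(segments)
    cde = set(cde)
    unknown = cde - segments
    if unknown:
        raise ValueError(f"CDE segments not in segment list: {sorted(unknown)}")

    report = {s: ["part of the CDE"] for s in cde}
    for r in rules:
        srcs = segments if r.src == ANY else {r.src}
        dsts = segments if r.dst == ANY else {r.dst}
        if srcs & cde:  # CDE may initiate traffic to these destinations
            for s in dsts - cde:
                report.setdefault(s, []).append(f"reachable from CDE via rule {r.src}->{r.dst}")
        if dsts & cde:  # these sources may initiate traffic into the CDE
            for s in srcs - cde:
                report.setdefault(s, []).append(f"can reach CDE via rule {r.src}->{r.dst}")
    return report


def in_scope(segments, cde, rules):
    """Sorted list of in-scope segment names."""
    return sorted(scope_report(segments, cde, rules))


# Constructed sample data (hypothetical segment names and rules).
SEGMENTS = ["cde-pos", "cde-db", "corp-users", "guest-wifi", "dev-lab", "mgmt-jump"]
CDE = {"cde-pos", "cde-db"}

# Properly segmented: only the CDE itself and an admin jump host touch the CDE.
SEGMENTED_RULES = [
    Rule("cde-pos", "cde-db"),    # POS terminals to the card database, inside the CDE
    Rule("mgmt-jump", "cde-db"),  # jump host may reach the DB: connected-to, so in scope
    Rule("corp-users", "dev-lab"),  # unrelated flow, never touches the CDE
]

# Flat network: a permit-any rule means every segment can reach the CDE.
FLAT_RULES = SEGMENTED_RULES + [Rule(ANY, ANY)]


if __name__ == "__main__":
    for label, rules in (("segmented", SEGMENTED_RULES), ("flat", FLAT_RULES)):
        print(f"{label}: {in_scope(SEGMENTS, CDE, rules)}")
        for seg, reasons in sorted(scope_report(SEGMENTS, CDE, rules).items()):
            print(f"  {seg}: {'; '.join(reasons)}")
```

With the segmented rule set only `cde-db`, `cde-pos` and `mgmt-jump` are in scope; adding the single permit-any rule drags all six segments in, which is the scope growth the post describes. The reasons in the report tell you which rule to tighten if you want a segment out of scope, and the absence of a rule is not proof of isolation: the result still has to be confirmed by testing that traffic is actually blocked.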
To learn more about Payment Card Industry PCI Compliance and becoming PCI DSS compliant, please contact NDB Advisory.

