Supplemental Guidance for PCI DSS Scoping published by PCI Council

In December, the PCI Council published a new guidance document on “Scoping and Network Segmentation”. While segmentation is not a PCI DSS requirement, it is a strongly recommended practice. Segmenting the networks that are included in or connected to the cardholder data environment is important for organizations because it can limit the exposure of payment data in a system, simplify PCI DSS compliance efforts and reduce the chance of being targeted by a criminal. However, as improper segmentation can put cardholder data at risk, it’s critical that organizations understand and implement segmentation properly, said the PCI Council.

The published documents are available for download from the PCI Council website:

Press Release PCI Council (external link for download)

Guidance for PCI DSS Scoping and Network Segmentation (external link for download)

Blog entry from Troy Leach, Technology Officer, PCI Council (external link)