Chapter 4

Determining and Reducing the PCI Scope

Information in this chapter:

• The Basics of PCI DSS Scoping

• The “Gotchas” of PCI Scope

• Scope Reduction Tips

• Planning Your PCI Project

• Case Study

Scoping your PCI environment is one of the most critical things you must get right in your quest to comply with this daunting standard. Many companies have cost themselves thousands and even millions of dollars by over- or under-scoping their environments and applying controls to the wrong subset. It also seems like the easiest way to get into a heated debate around PCI DSS is to find something wrong with a peer’s scoping process or end result. A Special Interest Group (SIG) was put together on this and, while it ultimately didn’t come out with ...
