Chapter 4

Determining and Reducing the PCI Scope

Information in this chapter:

• The Basics of PCI DSS Scoping

• The “Gotchas” of PCI Scope

• Scope Reduction Tips

• Planning Your PCI Project

• Case Study

Scoping your PCI environment is one of the most critical things you must get right in your quest to comply with this daunting standard. So many companies have cost themselves thousands and even millions of dollars by over- or under-scoping their environments and applying controls to the wrong subset. It also seems like the easiest way to get into a heated debate around PCI DSS is to find something wrong with a peer’s scoping process or end result. A Special Interest Group (SIG) was put together on this, and while it ultimately didn’t come out with ...
