Determining and Reducing the PCI Scope
Information in this chapter:
• The Basics of PCI DSS Scoping
• The “Gotchas” of PCI Scope
• Scope Reduction Tips
• Planning Your PCI Project
• Case Study
Scoping your PCI environment is one of the most critical things you must get right in your quest to comply with this daunting standard. So many companies have cost themselves thousands and even millions of dollars by over- or under-scoping their environments and applying controls to the wrong subset. It also seems like the easiest way to get into a heated debate around PCI DSS is to find something wrong with a peer’s scoping process or end result. A Special Interest Group (SIG) was put together on this and while ultimately didn’t come out with ...