© Jim Seaman 2020
J. Seaman, PCI DSS, https://doi.org/10.1007/978-1-4842-5808-8_8

8. De-scoping the Scoping Risk

Jim Seaman
Castleford, West Yorkshire, UK

Scoping means:

The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices, and applications.

—PCI DSS v3.2.1, p. 10

Although de-scoping your CDE from your non-CDE is highly recommended, it is not currently a mandated requirement. However, if you should decide to reduce your PCI DSS burden ...
