© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2023
A. B. Cooper Jr. et al.The Definitive Guide to PCI DSS Version 4https://doi.org/10.1007/978-1-4842-9288-4_15

15. Segmentation and Tokenization

Arthur B. Cooper Jr.1  , Jeff Hall2, David Mundhenk3 and Ben Rothke4
(1)
Colorado Springs, CO, USA
(2)
Minneapolis, MN, USA
(3)
Austin, TX, USA
(4)
Clifton, NJ, USA
 
Segmentation is one of the most misunderstood aspects of PCI compliance. Many people read too deeply into the DSS about segmentation. On page 12 of PCI DSS version 4,1 it states that segmentation of the CDE from the remainder of an entity’s network is not a PCI DSS requirement. The next sentence, though, does clarify that segmentation is strongly recommended as ...

Get The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.