Frequently Asked Questions

< Back to search page

What is the scope of a PCI DSS assessment for a network that is not segmented?

FAQ Response

Without proper network segmentation to isolate the systems that store, process or transmit cardholder data from those that do not, all system components in that network are considered part of the cardholder data environment, the entire network is in scope for PCI DSS, and all PCI DSS requirements apply.

February 2008
Article Number 1041

What are acceptable formats for truncation of primary account numbers?

How does encrypted cardholder data impact PCI DSS scope for third-party service providers?

Does a QSA need to be onsite at the client’s premises for all aspects of a PCI DSS assessment?

How does encrypted cardholder data impact PCI DSS scope?

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

Frequently Asked Questions

What is the scope of a PCI DSS assessment for a network that is not segmented?

Related Articles