Frequently Asked Question

Can VLANS be used for network segmentation?

In general, implementing adequate network segmentation can reduce the scope of the PCI DSS assessment if it isolates systems that store, process, or transmit cardholder data from other systems. While this segmentation can be implemented with, for example, properly-configured internal firewalls, routers with strong access control lists, VLANs, or other technologies that restrict access to a particular network segment, the PCI Security Standards Council is not able to offer an opinion about how your organization can achieve adequate network segmentation since it requires an understanding of security features and controls implemented in your environment. We encourage you to contact a Qualified Security Assessor (QSA) to assist in scoping your cardholder data environment and recommend methods specific to your organization to help reduce the scope of your PCI DSS assessment. Our list of QSAs can be found at: List of QSA Assessors
July 2012
Article Number: 1135