Frequently Asked Question

What is the scope of a PCI DSS assessment for a network that is not segmented?

Without proper network segmentation to isolate the systems that store, process or transmit cardholder data from those that do not, all system components in that network are considered part of the cardholder data environment, the entire network is in scope for PCI DSS, and all PCI DSS requirements apply.
April 2012
Article Number: 1041