When implementing the PCI DSS, it is important to define the areas of your organization to which the Standard will apply. Reducing the cardholder data environment (CDE) can reduce the cost of implementation, but doing so can be a complex and challenging task.
Scoping is the first step on the road to gaining or maintaining PCI DSS compliance, and effective scope reduction can reduce the time and cost of becoming compliant.
This green paper will help organizations that are required to comply with the PCI DSS to reduce their CDE in order to minimise compliance costs and resources. It covers:
- The importance of determining the system components, people and processes to be included in the assessment, and why an external auditor will not do it for you
- How to create an accurate data flow diagram to map the movement of cardholder data
- What to include when mapping the IT infrastructure and external connections
- Means of reducing the scope, including tips on data storage, segmentation and more.