PCI-DSS Scope minimization

5 pts.
Tags:
Data Security Program
PCI
PCI compliance
PCI DSS
i am trying to prepare a methodology on how to implement PCI-DSS.i prepared my scope but now i want to know what are the exact steps which one would have to follow to SHRINK OR MINIMIZE SCOPE. can someone help me. Thank you

Answer Wiki

Thanks. We'll let you know when a new response is added.

To minimize the Scope, you first have to understand where is your Card data (stored, transferred and processed) and document it as requested by PCI DSS. Then you have to analize what kind of data is where, as there are different requirements for different types of data. Accoding to results, try to use network segmentation and firewalls in order to limit access to network segment where data is stored or processed. Appendix F of PCI DSS, “Requirements and Security Assesment procedures” shows the process of identificaton of the scope that should be used by QSA Auditor. You can use the same to understand what is acceptable.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following