PCI SSC Releases Scoping and Segmentation Guidance

February 1, 2017 Kate Donofrio

As we all were working hard, with holiday vacations and a new year in our reach, the PCI SSC released a guidance document that has been long awaited. The Guidance on Scoping and Segmentation was released to all December 2016.

The guidance includes a lot of great clarifications on scope. For instance, they finally ended the age-old argument of whether a jump server, or anything else for that matter, could descope the administrator workstation/laptop. By the way the answer to that question appears definitively to be NO.

As with most guidance, it has also created a lot of unanswered questions. In my opinion, the best thing so far the guidance has accomplished is that it has provoked a lot of great conversations on scoping and has companies thinking about security. I highly suggest giving it a read and sharing it with your teams.

For more information on the new guidance and scoping scenarios, you can join Jacob Ansari on our free webinar: WEBINAR - Determining Scope for PCI DSS Compliance

About the Author

Kate Donofrio

Kate Donofrio is a Senior Associate with Schellman. Prior to joining Schellman in 2016, Ms. Donofrio has worked as a Senior Security Assessor specializing in PCI DSS compliance audits and information security consulting engagements. Ms. Donofrio also led and supported various other projects, including HIPAA, social engineering exercises, information security training, and technical risk assessments which included vulnerability scanning and penetration testing. She has nearly 15 years combined experience within the information technology and information security fields, comprised of serving clients in various industries, including call centers, financial institutions, healthcare, hospitality, and e-commerce. Further, she has experience with performing both systems and network engineering. Ms. Donofrio is now mainly dedicated to performing PCI DSS assessments.

More Content by Kate Donofrio
Previous Article
Be in the Know: The New Developments on HIPAA Audits
Be in the Know: The New Developments on HIPAA Audits

Over the past several months, there have been some key announcements and developments from the H...

Next Article
What will the Privacy Landscape Be in 2017?
What will the Privacy Landscape Be in 2017?

There have been many changes in the privacy world in the last few years. People are becoming mor...


Subscribe now
to receive content updates once a week

First Name
Error - something went wrong!