As we all were working hard, with holiday vacations and a new year in our reach, the PCI SSC released a guidance document that has been long awaited. The Guidance on Scoping and Segmentation was released to all December 2016.
The guidance includes a lot of great clarifications on scope. For instance, they finally ended the age-old argument of whether a jump server, or anything else for that matter, could descope the administrator workstation/laptop. By the way the answer to that question appears definitively to be NO.
As with most guidance, it has also created a lot of unanswered questions. In my opinion, the best thing so far the guidance has accomplished is that it has provoked a lot of great conversations on scoping and has companies thinking about security. I highly suggest giving it a read and sharing it with your teams.
About the AuthorMore Content by Kate Donofrio