PCI SSC Releases Scoping and Segmentation Guidance

February 1, 2017 Kate Donofrio

While we were all working hard, with holiday vacations and a new year within reach, the PCI SSC released a guidance document that had been long awaited. The Guidance on Scoping and Segmentation was released to all in December 2016.

The guidance includes a lot of great clarifications on scope. For instance, it finally ended the age-old argument over whether a jump server, or anything else for that matter, could descope the administrator workstation/laptop. By the way, the answer to that question appears definitively to be NO.

As with most guidance, it has also created a lot of unanswered questions. In my opinion, the best thing the guidance has accomplished so far is that it has provoked a lot of great conversations on scoping and has companies thinking about security. I highly suggest giving it a read and sharing it with your teams.

For more information on the new guidance and scoping scenarios, you can join Jacob Ansari on our free webinar: WEBINAR - Determining Scope for PCI DSS Compliance

About the Author

Kate Donofrio

Kate Donofrio is a Senior Associate with Schellman. Prior to joining Schellman in 2016, Ms. Donofrio worked as a Senior Security Assessor specializing in PCI DSS compliance audits and information security consulting engagements. Ms. Donofrio also led and supported various other projects, including HIPAA, social engineering exercises, information security training, and technical risk assessments that included vulnerability scanning and penetration testing. She has nearly 15 years of combined experience in the information technology and information security fields, including serving clients in various industries such as call centers, financial institutions, healthcare, hospitality, and e-commerce. She also has experience in both systems and network engineering. Ms. Donofrio is now mainly dedicated to performing PCI DSS assessments.
