PCI DSS - The Criticality of Scoping

Razorthorn Security – Education Seminar
The Criticality of Scoping (created for PCI DSS London)

Introduction
Of all the work that takes place in a PCI DSS project, one of the most critical parts is a full scoping exercise to understand the environment that will need to become PCI DSS compliant.

Far too often the simple aspect of PCI DSS scoping is misunderstood, meaning that projects are quite often mis-scoped at their initial stages. As a result, they undertake remediation activities that are not needed or miss remediation that is. Scoping is by far the most important part of a PCI DSS project to get right; failure to do so can cause significant delays or problems when seeking full PCI DSS compliance.

During this session we will explore the following points of discussion:

  • A QSA view on the importance of scoping
  • The Basics - How to scope a PCI DSS project
  • The three rules of PCI DSS scoping
  • Third Parties
  • Things to be careful of