The latest news update for QSAs includes news of an upcoming holiday gift for those in the PCI DSS world!
The Security Standards Council plans to publish “Guidance for PCI DSS Scoping and Network Segmentation” in December 2016. The Council says the guidance “aims to clarify scoping and segmentation principles provided in the PCI DSS”.
Other features:

- methods to help organizations identify the systems that, at a minimum, need to be included in scope. (I wonder if this will include multiple alternate methods that an organization can choose between.)
- guidance on how segmentation can be used to help reduce the number of systems that require PCI DSS controls. (Be more interesting if it said “reduce the number of PCI DSS controls for some in-scope systems”!)
I am looking forward to reviewing this new guidance to see if it turns out to be what has been on everybody’s wish list for a long time.