Trends, Misconceptions, and a Look to the Future of PCI DSS Scoping

Determining the scope of your annual PCI assessment can be an overwhelming task. Guidance from the PCI SSC states that "the best practice approach is to start with the assumption that everything is in scope until verified otherwise." 

While the PCI SSC has issued dozens of guidance documents, FAQs, and SAQs to aid companies in scoping for PCI DSS, many companies have struggled to keep it all straight or have decided to simply stick with what they've been doing. To help you make sense of it all, our team of PCI QSAs put together a guide that breaks down the ways to reduce your PCI DSS scope, common misconceptions, and future changes on the horizon. 

Within this guide, we shed light on: 

  • Scope responsibility - both yours and your QSA's
  • Network segmentation and the role it plays in scope reduction
  • Common misconceptions around SAQs, encryption, iFrames, telephone-based payments, and more
  • Ways to minimize PCI scope
  • The pending MFA deadline of January 2018

Complete the short form to the right, and your download will begin immediately. 

Your privacy is important to us. We never share your personal information with third parties.