PCI DSS Scoping and Segmentation Guidance for Modern Networks

PCI DSS Scoping and Segmentation Guidance for Modern Networks – New Information Supplement

The PCI Security Standards Council (PCI SSC) has released a new information supplement entitled PCI DSS Scoping and Segmentation Guidance for Modern Network Architectures. This document, prepared by the 2023 Special Interest Group (SIG), brings together the expertise of payment security professionals in the industry and offers practical guidance for applying PCI DSS scoping and segmentation techniques across a wide range of network architectures.

Why is this new supplement relevant?

With the increased adoption of modern network architectures, such as those supporting cloud services and zero trust networks, the payments ecosystem has undergone significant changes. It is now common to see cardholder data environments (CDEs) that combine clouds, multiple architectures, and traditional networks. Organizations face challenges in understanding and adapting PCI DSS scoping and segmentation practices to these new configurations. This document addresses these challenges and offers best practices to follow.

Key points from the guide:

  1. Impact of zero trust architecture on PCI DSS scope
    Adopting zero trust networks can influence how PCI DSS scope is defined and how networks are segmented. The document offers a detailed analysis of how these new configurations affect security controls and compliance.
  2. Segmentation in microsegmentation and multi-cloud deployments
    Hybrid network architectures, which include both microsegmentation and multiple clouds, require specific approaches to define the boundaries of PCI DSS scope. The guidance provides clarity on how to handle these complex environments.
  3. Managing PCI DSS asset inventory in ephemeral environments
    Given the changing and dynamic nature of microservices and cloud systems, maintaining an up-to-date asset inventory is a challenge. The guide suggests strategies to ensure effective control of these assets in modern architectures.
  4. Risks associated with modern network architectures
    The complexity of current configurations introduces additional risks. The guide highlights the most common risks and offers practical solutions to mitigate them.
  5. PCI DSS requirements for segmentation and scoping controls
    Complying with the specific requirements of PCI DSS remains essential, and the document provides detailed guidance for verifying that segmentation and scoping practices are implemented correctly.

Who is this document for?

This supplement is intended for merchants, service providers and assessors, who may benefit from the practical guidance and real-world examples included. Although it complements the PCI DSS standards, it does not replace existing standards. It is a valuable resource for defining scope and applying segmentation in modern network architectures, helping organizations stay up to date with security best practices.

Community-driven collaboration

This document is the result of collaboration within the PCI SSC Special Interest Group, made up of participating organizations that proposed and selected this topic. Special Interest Groups are community-driven initiatives that address payment security challenges by encouraging collaboration between experts in the field and the PCI SSC.

For more details, see the full information supplement here.

This release underscores the PCI SSC's ongoing commitment to helping organizations adapt to a constantly evolving technological landscape while maintaining the highest security standards to protect cardholder information in increasingly complex networks.