Scope of Cardholder Environment for PCI Compliance
We're preparing for a network penetration test for a PCI compliance audit and we are stuck on a merry-go-round about the scope of "cardholder environment."
We accept credit cards through our website and we have credit card readers in several locations that transmit data via Ethernet. We do not store credit card data anywhere. Is the scope of cardholder environment limited to the web servers, databases, and network appliances where credit card data will pass through, or does it also include infrastructure that has nothing to do with processing credit card data but is considered part of the cardholder environment by virtue of it being on the same network?
Scott Ciliberti, Chief Information Officer
Enterprise Technology Services
536 Mission Street, Room P-49
San Francisco, CA 94105
I'm participating in the AIDS Lifecycle; a 7-day 545 mile cycling fundraising event between SF and LA. http://www.tofighthiv.org/goto/sciliberti to make a donation.