PCI Requirement 126.96.36.199 – Confirm PCI DSS Scope by Performing Penetration Testing on Segmentation
Description: Learn more at https://kirkpatrickprice.com/video/pc...
Are you a service provider? Do you use segmentation for the purpose of PCI scope reduction? PCI Requirement 188.8.131.52 outlines new PCI penetration testing requirements and caused confusion among many service providers. PCI Requirement 184.108.40.206 states, “If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.”
PCI Requirement 220.127.116.11 requires that a penetration test, which validates the scope and effectiveness of segmentation controls, be performed every six months or after any changes to segmentation controls. The purpose of this additional penetration test is to ensure that segmentation controls continue to operate effectively throughout the year. The continual, complete isolation between CDE and non-CDE systems is key to your PCI compliance.
Our approach to compliance with PCI Requirement 18.104.22.168 involves more than simply validating segmentation controls through port scanning activities. The PCI DSS specifies that penetration testing must be performed, meaning that it is not sufficient to only perform something like nmap scans from non-CDE to CDE networks. Additional effort is required in order to meet this requirement for penetration testing, and our team of penetration testers is ready to help.
More Free Resources
White Papers: https://kirkpatrickprice.com/white-pa...
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.
For more about KirkpatrickPrice: https://kirkpatrickprice.com/
Contact us today: 800-770-2701 https://kirkpatrickprice.com/contact/