Nov 01, 2010
Organizations who handle payment card data are obligated to comply with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
PCI DSS requirements apply to all system components that are included in or connected to the cardholder data environment (CDE). The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data, including terminals, network components, servers, and applications. Any device or application that process, transmits, or stores cardholder data and anything connected to those devices or applications is �in scope� for PCI DSS. This inclusive definition of what needs to be secured has made PCI DSS compliance a complex and costly endeavor for many merchants.
Scope reduction � the process of limiting or shrinking the CDE - is a way to reduce costs and effort associated with complying with PCI DSS. This whitepaper discusses how the TransArmor solution can enable scope reduction and ease the burden of PCI compliance.