{"id":2946,"date":"2020-06-01T14:38:00","date_gmt":"2020-06-01T14:38:00","guid":{"rendered":"http:\/\/10.24.225.70\/?p=2946"},"modified":"2020-06-01T14:38:00","modified_gmt":"2020-06-01T14:38:00","slug":"mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all","status":"publish","type":"post","link":"https:\/\/complior.se\/en\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/","title":{"rendered":"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all?"},"content":{"rendered":"<p>Often, during a PCI DSS assessment, entities are inclined to consider everything outside the Cardholder Data Environment (CDE) as out of scope. CDE-connected systems that have nothing to do with security (in PCI DSS terms: Confidentiality and Integrity), like monitoring systems or databases of products, are often forgotten.<\/p>\n\n\n\n<p>When it is time for the PCI DSS assessment, a profound sense of disenchantment comes over the entity\u2019s PCI DSS Process Owner after the QSA scoping.<\/p>\n\n\n\n<p>Let\u2019s look at one way to get her smiling again.<\/p>\n\n\n\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-center is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"880\" height=\"690\" src=\"https:\/\/rdw4.replior.se\/wp-content\/uploads\/2020\/06\/Data-scope-02.png\" alt=\"\" class=\"wp-image-51115\" srcset=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-02.png 880w, https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-02-300x235.png 300w, https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-02-768x602.png 768w, 
https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-02-15x12.png 15w\" sizes=\"auto, (max-width: 880px) 100vw, 880px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-center is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h2 class=\"wp-block-heading has-medium-font-size\"><strong>The PCI Council\u2019s statement on scope<\/strong><\/h2>\n\n\n\n<p><em>The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data.<\/em><\/p>\n\n\n\n<p>There is no workaround for that \u201c<em>included in or connected to<\/em>\u201d: connectivity may be outbound, inbound or bidirectional, and by any of the following means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Physical<\/li>\n\n\n\n<li>Wireless<\/li>\n\n\n\n<li>Virtualized<\/li>\n<\/ul>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>And the following statements always apply in a scoping exercise:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Systems located within the CDE are in scope, irrespective of their functionality or reason why they are in the CDE.<\/li>\n\n\n\n<li>Similarly, systems that connect to a system in the CDE are in scope, irrespective of their functionality or reason why they have connectivity to the CDE.<\/li>\n\n\n\n<li>In a flat network, all systems are in scope if any single system stores, processes, or transmits account data.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div style=\"height:70px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>How do we take all 
those systems that serve our network but have nothing to do with Cardholder Data out of scope?<\/strong><\/h3>\n\n\n\n<p>Simply put: use a proxy.<\/p>\n\n\n\n<p>If your network is well segmented, an IN-SCOPE proxy will decouple the CDE and those systems that might affect the security of the CDE from the rest of your network.<\/p>\n\n\n\n<p>A typical example is a monitoring server with an agent installed on the CDE systems. Without a proxy, the agent on an in-scope system would establish a direct connection with the monitoring server, bringing it into scope.<\/p>\n\n\n\n<p>With a proxy, the agent would preferably only push information out from the in-scope machine to the in-scope proxy. The proxy in turn forwards that agent information to the monitoring server, and if the monitoring server needs to connect back, it connects through the proxy server. This takes the monitoring server out of scope.<\/p>\n\n\n\n<p>The same proxy can carry the connections of several different \u201cservicing\u201d systems, taking them out of scope. With just one additional system (the proxy), the scope might get much smaller and the headache much less severe.<\/p>\n\n\n\n<p>There are other ways of reducing the scope, such as Tokenization, Containers or Network Segmentation, but that, folks, is another story.<\/p>","protected":false},"excerpt":{"rendered":"<p>During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of scope. 
This includes CDE connected systems like monitoring systems or product databases, which are crucial for maintaining security.<\/p>","protected":false},"author":2,"featured_media":51113,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":2,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_eb_attr":"","inline_featured_image":false,"_uag_custom_page_level_css":"","wpm_timeformat":"","_wpm_styles":"","footnotes":""},"categories":[118],"tags":[117,127,128],"class_list":["post-2946","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogg","tag-blog","tag-pci","tag-pci-dss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all? - Complior<\/title>\n<meta name=\"description\" content=\"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of scope.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/complior.se\/en\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all? 
- Complior\" \/>\n<meta property=\"og:description\" content=\"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of scope.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/complior.se\/en\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/\" \/>\n<meta property=\"og:site_name\" content=\"Complior\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-01T14:38:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1251\" \/>\n\t<meta property=\"og:image:height\" content=\"730\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kikki Bostrom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kikki Bostrom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/\"},\"author\":{\"name\":\"Kikki Bostrom\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\"},\"headline\":\"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them 
all?\",\"datePublished\":\"2020-06-01T14:38:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/\"},\"wordCount\":460,\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Data-scope-01.png\",\"keywords\":[\"Blog\",\"PCI\",\"PCI DSS\"],\"articleSection\":[\"Blogg\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/\",\"name\":\"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all? - Complior\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Data-scope-01.png\",\"datePublished\":\"2020-06-01T14:38:00+00:00\",\"description\":\"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of 
scope.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#primaryimage\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Data-scope-01.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Data-scope-01.png\",\"width\":1251,\"height\":730,\"caption\":\"Data server blog showed as a cartoon icon\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/complior.se\\\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/complior.se\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/complior.se\\\/#website\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"name\":\"Complior\",\"description\":\"Security beyond 
compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/complior.se\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\",\"name\":\"Complior\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"width\":2560,\"height\":960,\"caption\":\"Complior\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\",\"name\":\"Kikki Bostrom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"caption\":\"Kikki Bostrom\"},\"url\":\"https:\\\/\\\/complior.se\\\/en\\\/author\\\/kikki\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all? 
- Complior","description":"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of scope.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/complior.se\/en\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/","og_locale":"en_GB","og_type":"article","og_title":"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all? - Complior","og_description":"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of scope.","og_url":"https:\/\/complior.se\/en\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/","og_site_name":"Complior","article_published_time":"2020-06-01T14:38:00+00:00","og_image":[{"width":1251,"height":730,"url":"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png","type":"image\/png"}],"author":"Kikki Bostrom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kikki Bostrom","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#article","isPartOf":{"@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/"},"author":{"name":"Kikki Bostrom","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016"},"headline":"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them 
all?","datePublished":"2020-06-01T14:38:00+00:00","mainEntityOfPage":{"@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/"},"wordCount":460,"publisher":{"@id":"https:\/\/complior.se\/#organization"},"image":{"@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png","keywords":["Blog","PCI","PCI DSS"],"articleSection":["Blogg"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/","url":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/","name":"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all? - Complior","isPartOf":{"@id":"https:\/\/complior.se\/#website"},"primaryImageOfPage":{"@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#primaryimage"},"image":{"@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png","datePublished":"2020-06-01T14:38:00+00:00","description":"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of 
scope.","breadcrumb":{"@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#primaryimage","url":"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png","width":1251,"height":730,"caption":"Data server blog showed as a cartoon icon"},{"@type":"BreadcrumbList","@id":"https:\/\/complior.se\/mirror-mirror-on-the-wall-whos-in-pci-dss-scope-of-them-all\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/complior.se\/"},{"@type":"ListItem","position":2,"name":"Mirror, Mirror on the wall: who\u2019s in PCI DSS scope of them all?"}]},{"@type":"WebSite","@id":"https:\/\/complior.se\/#website","url":"https:\/\/complior.se\/","name":"Complior","description":"Security beyond 
compliance","publisher":{"@id":"https:\/\/complior.se\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/complior.se\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/complior.se\/#organization","name":"Complior","url":"https:\/\/complior.se\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/","url":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","width":2560,"height":960,"caption":"Complior"},"image":{"@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016","name":"Kikki Bostrom","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","caption":"Kikki 
Bostrom"},"url":"https:\/\/complior.se\/en\/author\/kikki\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png",1251,730,false],"thumbnail":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01-150x150.png",150,150,true],"medium":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01-300x175.png",300,175,true],"medium_large":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01-768x448.png",768,448,true],"large":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01-1024x598.png",1024,598,true],"1536x1536":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png",1251,730,false],"2048x2048":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01.png",1251,730,false],"trp-custom-language-flag":["https:\/\/complior.se\/wp-content\/uploads\/2020\/06\/Data-scope-01-18x12.png",18,12,true]},"uagb_author_info":{"display_name":"Kikki Bostrom","author_link":"https:\/\/complior.se\/en\/author\/kikki\/"},"uagb_comment_info":0,"uagb_excerpt":"During PCI DSS assessments, entities often mistakenly consider non-Cardholder Data Environment systems as out of scope. 
This includes CDE connected systems like monitoring systems or product databases, which are crucial for maintaining security.","_links":{"self":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/2946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/comments?post=2946"}],"version-history":[{"count":0,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/2946\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media\/51113"}],"wp:attachment":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media?parent=2946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/categories?post=2946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/tags?post=2946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}