Glossary

Network Segmentation

Network segmentation, also known as segmentation or isolation, is a security technique used to improve the security and efficiency of a network by dividing it into smaller, distinct subnetworks. Each segment or subnet functions as a separate network, which limits access to resources to only those users or systems that require it. This approach is particularly valuable in environments where sensitive data, such as cardholder information, needs to be protected.

The primary goals of network segmentation include:

While network segmentation itself is not a requirement under PCI DSS, it is strongly recommended as a method to secure cardholder data. The PCI DSS documentation provides specific guidance on how to implement network segmentation to ensure that it effectively reduces the scope of compliance assessments.

Implementing network segmentation typically involves the use of firewalls, routers with strong ACLs (Access Control Lists), and other network devices that enforce boundaries between network segments. Proper configuration and regular maintenance of these controls are essential to ensure that segmentation effectively mitigates risks and complies with relevant security standards.

Ready To
Start Saving?