Maintaining PCI DSS Compliance is a multi-team effort. And it starts with knowing what's in scope for assessment. Your network and cardholder data flow diagrams are the heart and soul of your continuous PCI DSS Compliance program.

Wait. What? We need a network diagram?

If you thought documenting your in-scope PCI DSS processes was tough, getting alignment on the network diagram is like pulling teeth.

Why? I’m glad you asked.

The more complex your network environment is, the more people you’ll have involved with the creation, approval, and maintenance of your network diagram.

Likewise, the more cardholder data flows you have, the more data flow diagrams you’ll need. 

Toss in the requirement for ownership, accountability, and responsibility for network and cardholder data flow diagrams, and you’ll have people pointing fingers at anyone but themselves.

Let’s begin at the beginning and start with the PCI DSS requirement and testing procedures for maintaining a current and accurate network diagram.

Maintaining PCI DSS Compliance: Network Diagram Requirements

PCI DSS Requirement 1.2.3 

An accurate network diagram(s) is maintained that shows all connections between the CDE and other networks, including any wireless networks.

Testing Procedure:

1.2.3.a Examine diagram(s) and network configurations to verify that an accurate network diagram(s) exists in accordance with all elements specified in this requirement.

1.2.3.b Examine documentation and interview responsible personnel to verify that the network diagram(s) is accurate and updated when there are changes to the environment.

The Purpose of Requirement 1.2.3:

  • Maintaining an accurate and up-to-date network diagram(s) prevents network connections and devices from being overlooked and unknowingly left unsecured and vulnerable to compromise.
  • A properly maintained network diagram(s) helps an organization verify its PCI DSS scope by identifying systems connecting to and from the CDE.

Trust us. Keeping up with your network diagrams goes a long way when it comes to maintaining your PCI DSS Compliance.

But wait. Is there more?

What Needs To Be Included In Your Network Diagrams

The PCI DSS outlines what you need to include in your diagrams.

Keep in mind, your diagram must show ALL connections between your CDE and all other networks, including wireless.

Best practice: Get everyone connected to the network diagram on the same page for keeping it current and accurate!

You must identify the following:

  • All connections to and from all system components in the CDE, including
    • Systems providing security services
    • Systems providing management services
    • Systems providing maintenance services
  • The network diagram should also include the following:
    • All locations, including retail locations, datacenters, corporate locations, cloud providers, etc.
    • Clear labeling of all network segments
    • All security controls providing segmentation, including unique identifiers for each control (for example, name of control, make, model, and version).
    • All in-scope system components, including
      • NSCs (network security controls)
      • web app firewalls
      • anti-malware solutions
      • change management solutions
      • IDS/IPS
      • log aggregation systems
      • payment terminals
      • payment applications
      • HSMs, etc.
  • Clear labeling of any out-of-scope areas on the diagram via a shaded box or other mechanism.
  • Date of last update, and names of people that made and approved the updates.
  • A legend or key to explain the diagram.
  • Diagrams should be updated by authorized personnel to ensure diagrams continue to provide an accurate description of the network.
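To make that checklist concrete, here is an added example (not from the original post, and not a PCI SSC artifact) that audits a hypothetical diagram-as-code manifest for the 1.2.3 elements listed above; the manifest layout, field names and sample values are constructed assumptions.

```python
# Constructed sample manifest (hypothetical diagram-as-code layout, not a PCI SSC format).
MANIFEST = {
    "last_updated": "2024-05-01",
    "updated_by": "J. Doe",
    "approved_by": "",  # approver never recorded: must be flagged
    "legend": "red = CDE, grey = out of scope",
    "segments": [
        {"name": "CDE", "scope": "cde"},
        {"name": "corp-lan", "scope": "out-of-scope"},
        {"name": "", "scope": "connected-to"},  # segment drawn but never labeled
    ],
    "segmentation_controls": [
        {"name": "fw-core-01", "make": "Acme", "model": "X1", "version": "9.2"},
        {"name": "fw-dc-02", "make": "Acme", "model": "", "version": "9.2"},
    ],
    "components": [
        {"name": "pos-app-01", "segment": "CDE", "connections": ["fw-core-01"]},
        {"name": "siem-01", "segment": "CDE", "connections": []},  # none documented
        {"name": "kiosk-07", "segment": "store-wifi", "connections": ["fw-core-01"]},
    ],
}
SCOPE_LABELS = {"cde", "connected-to", "out-of-scope"}

def audit_manifest(m):
    findings = []  # empty list means every 1.2.3 element is present
    # Date of last update, plus who made and who approved it.
    for key in ("last_updated", "updated_by", "approved_by"):
        if not m.get(key):
            findings.append(f"missing {key}")
    # A legend or key to explain the diagram.
    if not m.get("legend"):
        findings.append("missing legend")
    # Every segment clearly labeled, with in-scope / out-of-scope marked.
    segments = set()
    for seg in m.get("segments", []):
        if not seg.get("name"):
            findings.append("unlabeled segment")
        elif seg.get("scope") not in SCOPE_LABELS:
            findings.append(f"segment {seg['name']} has no scope label")
        else:
            segments.add(seg["name"])
    # Segmentation controls carry a unique identifier: name, make, model, version.
    controls = m.get("segmentation_controls", [])
    for c in controls:
        for field in ("name", "make", "model", "version"):
            if not c.get(field):
                findings.append(f"control {c.get('name') or '?'} missing {field}")
    # Each in-scope component sits in a known segment, documents ALL its connections,
    # and every connection endpoint must itself appear on the diagram.
    components = m.get("components", [])
    known = {c["name"] for c in controls} | {c["name"] for c in components}
    for comp in components:
        if comp.get("segment") not in segments:
            findings.append(f"component {comp['name']} in unknown segment")
        if not comp.get("connections"):
            findings.append(f"component {comp['name']} has no documented connections")
        for peer in comp.get("connections", []):
            if peer not in known:
                findings.append(f"component {comp['name']} connects to undiagrammed {peer}")
    return findings
```

Running the audit against the sample manifest reports the missing approver, the unlabeled segment, the control without a model, the component with no documented connections, and the component placed in a segment the diagram never defines.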

Did you catch all those “all” statements?

Unfortunately, that word “all” gets overlooked all. the. time. (See what I did there?)

A current network diagram plays a vital role in your overall PCI DSS Compliance program. Not only is it REQUIRED, but it’s also used in a number of requirements to validate that you’ve established the correct configurations for your network security controls.

And by the way, having a network diagram is critical when it’s time to do your end-to-end scope assessments. 


Be sure to tune in for Part 2 when we tackle the cardholder data flow diagrams.
