💼 11.3.4.1 If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.

• Contextual name: 💼 11.3.4.1 If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.

• ID: /frameworks/pci-dss-v3.2.1/11/03/04/01

• Located in: 💼 11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at least annually and after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from systems in the CDE.

Description

Additional requirement for service providers only.

Similar

• Sections
  • /frameworks/pci-dss-v4.0/11/04/06
• Internal
  • ID: dec-c-7e62c2d1

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 11.4.6 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v4.0 → 💼 11.4.6 If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls.

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags