Scope of Assessment for Compliance with PCI DSS

The PCI DSS security requirements apply to all system components. In the context of PCI DSS, system components are defined as any network component, server or application that is included or connected to the cardholder data environment. System components also include any virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors.

The cardholder data environment is comprised of people, processes and technology that store, process or transmit cardholder data or sensitive authentication data.

Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances and other security appliances. Server types include, but are not limited to, web, application, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS).

Developers help their merchants achieve PCI DSS compliance by ensuring the PA-DSS compliance of their software. Paygistix helps developers comply by providing solutions to take their application out of the scope of PA-DSS.

Learn More about PA DSS

PCI DSS & PA-DSS Documentation

View or download the full documentation from the Payment Industy Security Standard Council concerning PCI DSS or PA-DSS.

Access Document Library


Software vendors are required to provide a PA-DSS Implementation Guide to instruct their customers and resellers/integrators on secure product implementation, to document the secure configuration specifics mentioned throughout PCI DSS documents, and to clearly delineate vendor, reseller/integrator, and customer responsibilities for meeting PCI DSS requirements. 

PA-DSS Made Easy