According to the PCI DSS v3.2.1 Quick Reference Guide1, business facilities and system components can be sampled for testing during a PCI DSS assessment, as long as they are not critical components or components that are not in scope for testing. This is one of the requirements for ensuring that testing covers all relevant components and processes.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit