Network Segmentation
Earlier this month the PCI SSC released a memo referring to their network segmentation guidelines, while network segmentation is not part of PCI scope, it seems that most breaches happen from systems that were deemed not in scope, and companies were unaware that their data was even being accessed by these systems. The guidelines where created with input from professionals within the industry to address common concerns that companies might have. The network segmentation guidelines provide feedback on how to successfully implement network segmentations as well as how to determine PCI scope within your overall environment. The network segmentation guidelines also discuss how to implement segmentation while using a third party service providers to reduce the PCI scope.
Please review the link below, for more details about the importances of network segmentation guidelines and more input from the PCI SSC.
PCI DSS Network Segmentation Memo
For the Network Segmentation Guidelines please review the link below.