top of page
11.3.4 PCI DSS (v3.2.1)
Compliance Standard
Compliance Version
Control ID
PCI DSS
(v3.2.1)
11.3.4
Requirement 11: Regularly test security systems and processes
(v3.2.1)
If segmentation is used to isolate the CDE from other networks, perform penetration tests at least annually and after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from systems in the CDE.
bottom of page