Documenting Cardholder Data Environments
Scoping out your cardholder data environment (CDE) is the first step in managing sensitive payment card information. Identify and document each part of your organization that processes or stores credit card information to scope out your CDE.
Use the following steps to document cardholder data environments:
-
Create a new Cardholder Data Environment record.
- In the General Information section, in the PCI CDE Title field, enter a name for the cardholder data environment record.
- In the Merchant Level/Tier field, select the appropriate PCI level from the drop-down list.
- In the Additional Information section, select the PCI Project Team and the PCI Executive Sponsor.
- If applicable, in the Cardholder Data Flow Diagram section, click Add New to attach a diagram.
- In the Identify Cardholder Data Flows section, click
to add 1 or more business processes. - In the Populate Scope Automatically field, select to Auto Scope or manually populate the related sections.
- (Optional) In Service Providers section, select any applicable service providers.
- Click Save.
