The PCI DSS security requirements apply to all system components. In the context of PCI DSS, system components are defined as any network component, server or application that is included or connected to the cardholder data environment. System components also include any virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors.
The cardholder data environment is comprised of people, processes and technology that store, process or transmit cardholder data or sensitive authentication data.
Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances and other security appliances. Server types include, but are not limited to, web, application, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS).
Developers help their merchants achieve PCI DSS compliance by ensuring the PA-DSS compliance of their software. Paygistix helps developers comply by providing solutions to take their application out of the scope of PA-DSS.