fadaly.net/work/pciscopeboundary
COMPLIANCE
SCOPE.
22 systems classified across in-CDE, connected, out-of-scope, scope-leaked.
4 connected-to-CDE without documented network segmentation.
1 out-of-scope system caught processing a PAN in logs.
A PAN you didn't expect is a CDE you didn't declare.
PB-009 · application logs · S3 bucket
SCOPE LEAK
Captured 14 PAN tokens · supposedly out-of-scope · ASV scan missed.
Redact at source, re-segment, expand CDE boundary in QSA doc.
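An added example, not code from this page or the engagement it describes: a minimal "redact at source" filter that finds Luhn-valid PAN candidates in log lines and masks them before they are written. The log format, function names and sample lines are constructed for illustration; the card numbers are public test values, and keeping the last four digits is a choice made here.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_line(line: str) -> tuple[str, int]:
    """Return the line with Luhn-valid candidates masked, plus the hit count."""
    hits = 0

    def _mask(match: re.Match) -> str:
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_ok(digits):
            return match.group(0)   # not a card number, leave untouched
        hits += 1
        return "*" * (len(digits) - 4) + digits[-4:]

    return CANDIDATE.sub(_mask, line), hits

def scan(lines):
    """Redact every line; report (line_number, hits) for lines that leaked."""
    redacted, findings = [], []
    for number, line in enumerate(lines, 1):
        clean, hits = redact_line(line)
        redacted.append(clean)
        if hits:
            findings.append((number, hits))
    return redacted, findings

# Constructed sample log lines (not taken from the page).
SAMPLE_LOG = [
    "2024-01-05T10:22:01Z INFO checkout order_id=1234567890123456 status=ok",
    "2024-01-05T10:22:02Z DEBUG gateway request card=4111111111111111 exp=12/26",
    '2024-01-05T10:22:03Z DEBUG retry pan="5555 5555 5555 4444" attempt=2',
    "2024-01-05T10:22:04Z INFO healthcheck ok",
]

if __name__ == "__main__":
    clean, found = scan(SAMPLE_LOG)
    print("\n".join(clean))
    print("lines with PAN:", found)
```

Run the same `scan` over objects already in the bucket to size the leak; the findings list gives the line numbers to cite in the QSA documentation.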