Cardholder Data Environment (CDE)
Definition
The people, processes, and technology that store, process, or transmit cardholder data or sensitive authentication data. PCI-DSS requirements apply to the CDE and any system components that can affect its security. Reducing CDE scope is the primary cost-control lever in PCI-DSS programmes.
Related terms
- Addressable Implementation Specification
  - A HIPAA Security Rule specification that organisations must assess for reasonableness and appropriateness. If reasonable and appropriate, it must be implemented; if...
- Business Associate
  - A person or entity that performs services for a HIPAA covered entity that involve creating, receiving, maintaining, or transmitting protected health information...
- Covered Entity
  - Under HIPAA, a healthcare provider that transmits health information electronically, a health plan, or a healthcare clearinghouse. Covered entities are directly subject...
- Protected Health Information (PHI)
  - Individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or medium. PHI includes...
- Qualified Security Assessor (QSA)
  - An individual certified by the PCI Security Standards Council to perform on-site PCI-DSS assessments for merchants and service providers that cannot self-certify....
Explained in
- HIPAA and PCI-DSS Compliance Requirements: The people, processes, and technology that store, process, or transmit cardholder data or sensitive authentication data. PCI-DSS requirements apply to the CDE...