Overview#Cardholder Data Environment (CDE and also worded "Card Data Environment') Payment Card Industry Data Security Standard (PCI DSS) defines as a computer system or networked group of IT systems that processes, stores and/or transmits Cardholder Data or sensitive payment authentication data.
Cardholder Data Environment also includes any component that directly connects to or supports this network and includes specific requirements for securing electronic payment and authentication data residing on all physical and virtual components in the including:
- Network components such as firewalls, switches, routers, access points, network appliances, security appliances.
- Point of Sale (POS) systems, such as payment terminals, cash registers, card readers and other systems that intake payment card data from a customer at the time of a payment transaction.
- Servers including Web servers, application servers, database servers, authentication servers, mail servers, proxy servers, network time protocol servers and domain name servers.
- All applications, both internal and external.
- Any virtual component, including virtual machines, virtual switches, virtual routers, virtual appliances, virtual applications, virtual desktops and hypervisors.
- Third-party IT systems.