PCI DSS requires that network segmentation controls are penetration tested and that the methods used are operational
Krypsys
Application Penetration Testing for PCI
When considering application penetration testing for PCI, any software written by your organisation or written specifically for it,
PCI Penetration Testing – How to Define The Scope
Cardholder Data Environment
The PCI DSS defines the cardholder data environment (CDE) as follows: