PCI

ZeroTrustPCI.com

PCI DSS 4.0 (effective March 2025) mandates stringent access controls, network segmentation, encryption, and continuous monitoring for any organisation that stores, processes, or transmits payment card data. Requirement 7 directly mandates need-to-know access restrictions, and Requirement 8 requires multi-factor authentication for all access to cardholder data environments (CDEs). Zero Trust microsegmentation is explicitly recognised by the PCI Security Standards Council as an effective method for reducing CDE scope, and organisations that implement Zero Trust network segmentation significantly reduce both compliance burden and the blast radius of a breach.
