What document is required by PCI DSS to define and describe the boundaries of the CDE, including all in-scope system components?
-
A
A business impact analysis (BIA)
-
B
A network diagram showing all CDE connections and data flows
-
C
A vulnerability scan report from an Approved Scanning Vendor (ASV)
-
D
A penetration test report covering all external IP addresses