[PCI DSS 1.x] 6.3 Develop software applications in accordance with PCI DSS (for example, secure authenti

[READ-ONLY] Archives [RETIRED] PCI DSS v.1.x Questions and Answers Maintain a Vulnerability Management Program
1

[PCI-DSS] 6.3 Develop software applications in accordance with PCI DSS (for example, secure authentication and logging) and based on industry best practices, and incorporate information security throughout the software development life cycle. These processes must include the following:

    6.3   Develop software applications in accordance with PCI DSS (for example, secure   authentication and logging) and based on industry best practices, and   incorporate information security throughout the software development life   cycle. These processes must include the following:
2

I’m looking at reducing the scope by segmenting the network. Users in the cardholder data environment will need access to a “web based” application running in a separate network zone. At the payment stage, an iframe would be used to allow credit card data to be entered onto a server which sits inside the CDE. Could I consider the main application, which has no access to credit card data, out of scope?