2.4 Maintain an inventory of system components that are in scope for PCI DSS.
2.4.a Examine system inventory to verify that a list of hardware
and software components is maintained and includes a
description of function/use for each.
2.4.b Interview personnel to verify the documented inventory is
Maintaining a current list of all system
components will enable an organization to
accurately and efficiently define the scope of their
environment for implementing PCI DSS controls.
Without an inventory, some system components
could be forgotten, and be inadvertently excluded
from the organization’s configuration standards.