{
"id": "workflow:pci-dss-scoping",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-compliance-deep.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "PCI DSS Scoping",
"workflowKind": "governance",
"triggerType": "scheduled",
"typicalCadence": "annually",
"complexity": "cross-team",
"description": "Defines and validates the cardholder data environment boundary — network\nsegmentation verification, data flow mapping, scope reduction analysis,\ncompensating control documentation, and evidence gathering for QSA review.\nExcludes remediation implementation.\n"
},
"outgoingEdges": [
{
"from": "workflow:pci-dss-scoping",
"to": "role:security-reviewer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "role:cloud-architect",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "role:principal-engineer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "skill-area:service-mesh-config",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "skill-area:k8s-rbac",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "domain:security",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "domain:cybersecurity",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "responsibility:security-review",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "responsibility:threat-modeling",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "org-unit:security-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:pci-dss-scoping",
"to": "org-unit:application-security-team",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": []
}