This is in reference to identifying Controls acceptable by the PCI council for taking the Home users into PCI scope. Our organisation is already PCI Level 1 certified however with a new upcoming business engagement, we are required to design a model where in the resources would be operating from home and would have access to PII information. What I am looking for a detailed list of controls which needs to be implemented for these home users to comply with the PCI requirement.
Would really appreciate if someone can share a case study or list of controls acceptable by the PCI council.
Thanks in advance for the support.