PCI Compliance for Home Users

Hi All,

This is in reference to identifying Controls acceptable by the PCI council for taking the Home users into PCI scope. Our organisation is already PCI Level 1 certified however with a new upcoming business engagement, we are required to design a model where in the resources would be operating from home and would have access to PII information. What I am looking for a detailed list of controls which needs to be implemented for these home users to comply with the PCI requirement.

Would really appreciate if someone can share a case study or list of controls acceptable by the PCI council.

Thanks in advance for the support.


It depends if the home users can view / access to full PAN. If yes :

Requirement will be :

1.4 : Personnal firewall
5 : Personnel Antimalware
4.1 : HTTPS
6.1 : security patch managment of the stations
8.3 : Two-factor authentication
12 : Security Awarness and inventory