If you are a service provider that uses network segmentation to reduce the overall scope of your PCI DSS assessment, what was formerly an annual requirement to obtain a penetration test is now a semi-annual requirement meaning it must be done every six months. Make sure to reach out to your QSA to ensure that you are compliant with this timing requirement.
Freed Maxick 22.214.171.124 Guidance
Organizations should schedule penetration tests in advance to meeting the timing restriction of this requirement. An experienced and qualified penetration tester independent of the organizational unit should be consulted to perform this assessment to validate and confirm the scope of the cardholder data environment
PCI DSS Resources
For more guidance on 126.96.36.199 compliance and other PCI DSS requirements, read our blog post that includes a downloadable overview of all recent updates and revisions.