Which diagram is required to identify connections between the CDE and other networks (including wireless networks) under 1.1.2?

• A. A diagram of fire marshal routes.
• B. A current network diagram that IDs all connections btw the CDE & other networks, including any wireless networks.
• C. An organizational chart of IT staff.
• D. A diagram of physical office layout.

Answer: (B)

The need is to have a clear map of how the cardholder data environment (CDE) connects to other networks, including wireless ones. This is essential because you must know every path data can travel and every point where the CDE interfaces with external systems, so you can enforce proper segmentation and control. A current network diagram that identifies all connections—wired and wireless—provides the complete topology you rely on to design firewall rules, monitor traffic, and verify that no undocumented or risky paths exist. Wireless connections are particularly important to include because they can bypass traditional network boundaries if not properly accounted for, potentially exposing cardholder data. The other diagrams described (fire marshal routes, IT organizational chart, or physical office layout) don’t depict network connections or data flow, so they don’t meet this requirement.