PCI compliancy is mandatory for the airlines, the scope extends to all system components that are included in or connected to the Cardholder Data Environment (CDE). For all system components included in or connected to the Cardholder Data Environment (CDE), organizations must comply with more than three hundred requirements. It is in every organization’s best interest, therefore, to take advantage of network segmentation provisions stated in the PCI DSS to effectively isolate their CDE and thereby decrease the amount of infrastructure that is considered in scope.