Question: I have a convenience store which is processed through a satellite connection direct to ExxonMobil. I have a PC connected to the internet which has NO connection to the POS system which processes credit card data. Do I still need to scan?
Answer: Do the PC and POS system sit on the same network? If so, all systems within the cardholder data environment are in-scope for the vulnerability scanning requirements.
It is not clear what is meant by “no connection to the POS system,” but if I had to guess, these systems both reside on the same network segment. Additionally, if this is the case, and the PC is directly connected to the Internet, a firewall must be in place between the PC and the Internet.