What assets are considered in scope for PCI scans using Control Compliance Suite Vulnerability Manager - CCS-VM.