PCI Compliance on AWS: PCI Requirement 1.1.7
Inspecting Configurations in AWS Firewall Manager
It’s not enough for your organization to establish standards for firewall and router configurations. As time goes on, the configurations that implement those standards can drift, become outdated, or become insecure. PCI Requirement 1.1.7 requires a review of your firewall and router rule sets at least every six months to confirm that all configurations are current and that no unapproved changes have been made. To comply with this requirement, compare the configurations in AWS Firewall Manager against your documented firewall and router configuration standards. Are the configurations what you expect them to be?
Once you’ve completed the review, record the date it was completed and the methodology you used to verify that the configurations match your documented standards. During a PCI assessment, the assessor will ask for evidence that this review process has occurred.
PCI Requirement 1.1.7 requires that you inspect your firewall and router configurations every six months. To do this, you would go into your AWS Firewall Manager and inspect the configurations to make sure they are as you expect them to be, compare them against your documented firewall and router configuration standards, and create some kind of record that demonstrates that you performed this task. You could open a ticket or keep some other form of documentation to prove to the assessor that you have completed this. Another thing that is important for PCI compliance is found in PCI Requirement 1.1.2, where you want to ensure that these configurations are secured and synchronized, and that only those with appropriate authority have access to change these configurations. So be sure to document those things and put them in a record so that your assessor can help you inspect those particular requirements.
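What the six-month review described above can look like when it is scripted against AWS Firewall Manager, as an added example that is not code from the original post or from AWS. The retrieval function uses the real boto3 calls list_policies and get_policy; the policy names, security group IDs, ManagedServiceData contents and the baseline are constructed for illustration, and the set of fields compared (ResourceType, RemediationEnabled, SecurityServicePolicyData) is an assumption about what your documented standard covers.

```python
# Added example (not from the original page): compare AWS Firewall Manager policies
# against a documented baseline and build a dated review record for the compliance ticket.
import json
from datetime import date

try:
    import boto3  # only needed for live retrieval; the constructed sample below runs offline
except ImportError:
    boto3 = None

def fetch_fms_policies(region="us-east-1"):
    """Pull every policy with list_policies + get_policy (run in the FMS administrator account)."""
    fms = boto3.client("fms", region_name=region)
    policies, token = [], None
    while True:
        page = fms.list_policies(**({"NextToken": token} if token else {}))
        for summary in page["PolicyList"]:
            policies.append(fms.get_policy(PolicyId=summary["PolicyId"])["Policy"])
        token = page.get("NextToken")
        if not token:
            return policies

def _policy(name, svc_type, msd, remediation):
    """Constructed record shaped like fms.get_policy()["Policy"]; ManagedServiceData is a JSON string."""
    return {"PolicyName": name, "ResourceType": "AWS::EC2::SecurityGroup", "RemediationEnabled": remediation,
            "SecurityServicePolicyData": {"Type": svc_type, "ManagedServiceData": json.dumps(msd)}}

COMMON_MSD = {"type": "SECURITY_GROUPS_COMMON", "revertManualSecurityGroupChanges": True,
              "securityGroups": [{"id": "sg-0123456789abcdef0"}]}  # made-up group ID
AUDIT_MSD = {"type": "SECURITY_GROUPS_CONTENT_AUDIT", "securityGroupAction": {"type": "ALLOW"},
             "securityGroups": [{"id": "sg-0fedcba9876543210"}]}   # made-up group ID
USAGE_MSD = {"type": "SECURITY_GROUPS_USAGE_AUDIT", "deleteUnusedSecurityGroups": True, "coalesceRedundantSecurityGroups": True}

# What is deployed (constructed). Remediation has been switched off on the content-audit
# policy: the kind of unapproved change the six-month review has to catch.
SAMPLE_POLICIES = [
    _policy("cde-common-sg", "SECURITY_GROUPS_COMMON", COMMON_MSD, remediation=True),
    _policy("cde-sg-content-audit", "SECURITY_GROUPS_CONTENT_AUDIT", AUDIT_MSD, remediation=False),
]

# The documented standard, keyed by policy name. "cde-sg-usage-audit" is documented but
# not deployed, so the review must report it as missing.
BASELINE = {p["PolicyName"]: p for p in [
    _policy("cde-common-sg", "SECURITY_GROUPS_COMMON", COMMON_MSD, remediation=True),
    _policy("cde-sg-content-audit", "SECURITY_GROUPS_CONTENT_AUDIT", AUDIT_MSD, remediation=True),
    _policy("cde-sg-usage-audit", "SECURITY_GROUPS_USAGE_AUDIT", USAGE_MSD, remediation=True),
]}

def normalize(policy):
    """Keep only the governed fields; parse ManagedServiceData so JSON key order never counts as drift."""
    ssp = dict(policy["SecurityServicePolicyData"])
    if isinstance(ssp.get("ManagedServiceData"), str):
        ssp["ManagedServiceData"] = json.loads(ssp["ManagedServiceData"])
    return {"ResourceType": policy["ResourceType"],
            "RemediationEnabled": policy["RemediationEnabled"],
            "SecurityServicePolicyData": ssp}

def _flatten(obj, path=()):
    """Nested dicts -> {"a.b.c": leaf}; lists are compared as whole values."""
    if not isinstance(obj, dict):
        return {".".join(path): obj}
    out = {}
    for key, value in obj.items():
        out.update(_flatten(value, path + (key,)))
    return out

def compare_policy(actual, expected):
    """(field, expected, actual) for every difference; one-sided fields count, so undocumented additions are never silently accepted."""
    got, want = _flatten(normalize(actual)), _flatten(normalize(expected))
    return [(f, want.get(f), got.get(f)) for f in sorted(set(got) | set(want))
            if got.get(f) != want.get(f)]

def build_review_record(policies, baseline, reviewer, review_date=None):
    """The evidence an assessor asks for: date, reviewer, method, what was reviewed, findings."""
    deployed = {p["PolicyName"]: p for p in policies}
    findings = {}
    for name, expected in baseline.items():
        if name not in deployed:
            findings[name] = [("<policy>", "present", "missing")]
        elif devs := compare_policy(deployed[name], expected):
            findings[name] = devs
    for name in deployed:
        if name not in baseline:
            findings[name] = [("<policy>", "absent", "present (undocumented)")]
    return {"requirement": "PCI DSS 1.1.7",
            "review_date": review_date or date.today().isoformat(),
            "reviewer": reviewer,
            "methodology": "Each Firewall Manager policy compared field-by-field against the "
                           "documented standard after normalizing ManagedServiceData.",
            "policies_reviewed": sorted(deployed),
            "findings": findings,
            "result": "PASS" if not findings else "DEVIATIONS"}

if __name__ == "__main__":  # swap SAMPLE_POLICIES for fetch_fms_policies() to review the live account
    print(json.dumps(build_review_record(SAMPLE_POLICIES, BASELINE, reviewer="security-eng"), indent=2))
```

Run as-is, the script reports the disabled remediation and the missing policy for the constructed sample. For a real review, replace SAMPLE_POLICIES with the result of fetch_fms_policies() (credentials in the Firewall Manager administrator account), keep BASELINE in version control next to the documented standard so the baseline itself is change-controlled, and attach the JSON output to the ticket that evidences the review; the record carries the date and methodology the assessor will ask for, and a policy that exists in the account but not in the standard is flagged rather than ignored.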