PCI Requirement 1

Install and Maintain a Firewall Configuration

Welcome to PCI Requirement 1. Are you a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data? If so, this is a great place to be introduced to the PCI DSS. In these videos, you will learn why the PCI DSS was developed, who participates in the PCI environment, what the 12 PCI DSS requirements are, and what the foundational elements of a PCI DSS engagement are.

PCI Requirement 1 focuses on installing and maintaining a firewall configuration in order to protect cardholder data. To comply with PCI Requirement 1, you’ll need to understand several aspects of firewall configuration. Our video resources outline change control programs, how to maintain network documentation, how to establish and maintain a secure firewall, what a DMZ is and how to segregate it from the Cardholder Data Environment (CDE), the roles and responsibilities of network management, inbound and outbound traffic rules, anti-spoofing measures, and more. Understanding these aspects of firewall configuration is vital when trying to protect your cardholder data. Click on a video below to get started with PCI Requirement 1.

Introduction to PCI DSS

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what the Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organization needs to know and do to become compliant.
April 18, 2017/by KirkpatrickPrice
The 12 PCI DSS Requirements

This exclusive video series, PCI Demystified, was developed to assist your organization in understanding what the Payment Card Industry Data Security Standard (PCI DSS) is, who it applies to, what the specific requirements are, and what your organization needs to do to become compliant.
April 18, 2017/by KirkpatrickPrice
Establishing the Scope of Your Cardholder Data Environment - PCI Demystified

Properly scoping your environment is the most important initial step of becoming PCI compliant. The scope of the Cardholder Data Environment (CDE) determines the extent to which all PCI DSS controls must be in place. Errors in scoping can lead to serious consequences, so it’s important to define an accurate scope before beginning your PCI DSS audit.
April 18, 2017/by KirkpatrickPrice
Policies, Procedures, and Standards - PCI Demystified

We find that most organizations struggle with the documentation aspect of a PCI assessment. Established best practice states, "If it's not written down, it's not happening." Organizations need documented policies, procedures, and standards not only to control risks to business assets, but also to have a common understanding and language that creates consistency across the culture of the organization.
April 18, 2017/by KirkpatrickPrice
Introduction to PCI DSS Requirement 1 - PCI Demystified

The Payment Card Industry Data Security Standard (PCI DSS) was jointly developed by the payment card brands to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. If you are a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data, you are required to comply with the PCI DSS.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.1.1: Implementing a Change Control Program

Your organization needs to ensure that it has appropriate methods to control any changes to network connections and to firewall and router configurations in your environment. Learn more about PCI DSS Requirement 1.1.1: Implementing a Change Control Program.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.1.2 and 1.1.3: Network Documentation

PCI DSS Requirements 1.1.2 and 1.1.3 are all about maintaining network documentation. Network documentation consists of two things: a current network diagram showing all connections between the CDE and other networks (1.1.2), and a data flow diagram showing how cardholder data moves across systems and networks (1.1.3). Learn more about PCI DSS Requirement 1.1.2 and 1.1.3: Network Documentation.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.1.4: Establishing a Firewall and DMZ

PCI DSS Requirement 1.1.4 requires “a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone.” Watch this episode to learn more about PCI DSS Requirement 1.1.4: Establishing a Firewall and DMZ.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.1.5: Defining Roles and Responsibilities for Managing Network Components

It’s not enough to have a network set up with established policies, procedures, and processes. You also need to ensure that someone within your organization has formal responsibility for managing the network components. Watch this video to learn more about PCI DSS Requirement 1.1.5.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.1.6: Documentation of Business Justification and Approval

What is PCI Requirement 1.1.6? Your organization needs to restrict inbound and outbound traffic into and out of sensitive environments. PCI DSS Requirement 1.1.6 relates specifically to the documentation of business justification and approval for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.1.7: Review Firewall and Router Rule Sets

What is PCI Requirement 1.1.7? There are several sub-requirements under the umbrella of Requirement 1. PCI Requirement 1.1.7 states, “review firewall and router rule sets at least every six months.” The point of the review is to confirm that every rule still has a current business justification and to remove rules that no longer do. Watch this episode to learn more about PCI DSS Requirement 1.1.7.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.2: Restrict Connections to Untrusted Networks

PCI Requirement 1.2 states, “Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.” Watch this episode to learn more about PCI DSS Requirement 1.2.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.2.1: Restrict Traffic to that which is Necessary

PCI DSS Requirement 1.2.1 focuses on organizations developing policies and procedures that restrict traffic, both inbound and outbound, to that which is absolutely necessary for business purposes. PCI Requirement 1.2.1 states, “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.” The goal of PCI Requirement 1.2.1 is to limit traffic to only the essential, required protocols, ports, and services, with a default deny for everything else and a documented business justification for each permitted element.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.2.2: Secure and Synchronize Router Configuration Files

What is PCI Requirement 1.2.2? This requirement focuses on securing and synchronizing router configuration files, so that the running configuration and the start-up configuration match and an unauthorized change cannot survive a reboot unnoticed. Watch this episode to learn more about PCI DSS Requirement 1.2.2.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.2.3: Install Firewalls Between all Wireless Networks and the CDE

What is PCI Requirement 1.2.3? Requirement 1.2.3 requires that organizations install perimeter firewalls between all wireless networks and the Cardholder Data Environment. So, what exactly does that mean? Watch this episode to learn more about PCI DSS Requirement 1.2.3.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.3: Examine Firewall and Router Configurations

Requirement 1.3 focuses on prohibiting direct public access between the Internet and any system component in the Cardholder Data Environment (CDE). If the protections put in place can be bypassed, the systems behind them could be compromised. Watch this episode to learn more about PCI DSS Requirement 1.3.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.3.1: Establishing a DMZ

PCI DSS Requirement 1.3.1 requires that you, as an organization, implement a DMZ, otherwise known as a demilitarized zone, and limit inbound traffic to only those system components that provide authorized publicly accessible services, protocols, and ports. Watch this episode to learn more about PCI DSS Requirement 1.3.1 and Establishing a DMZ.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.3.2: Limit Inbound Internet Traffic

PCI Requirement 1.3.2 states, “Limit inbound Internet traffic to IP addresses within the DMZ.” During an assessment, firewall and router configurations are examined to verify that inbound Internet traffic is in fact limited to IP addresses within the DMZ. Watch this episode to learn more about PCI DSS Requirement 1.3.2.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.3.3: Implement Anti-Spoofing Measures

PCI DSS Requirement 1.3.3 requires that organizations implement anti-spoofing measures to detect and block forged source IP addresses from entering the network; for example, blocking traffic that arrives from the Internet carrying an internal source address. Watch this episode to learn more about PCI DSS Requirement 1.3.3.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.3.4: Deny Unauthorized Outbound Traffic

One of the most important things you can do as an organization to harden your environment is to limit outbound traffic from your cardholder data environment (CDE), or from any environment you consider sensitive, to the Internet. Watch this episode to learn more about PCI DSS Requirement 1.3.4.
April 18, 2017/by KirkpatrickPrice
PCI DSS Req 1.3.5: Permit Only Established Connections into the Network

PCI DSS Requirement 1.3.5 says to, “Permit only ‘established’ connections into the network.” Essentially, this requirement ensures that your organization is only allowing return traffic for connections that were initiated from inside back into your environment, which is what a stateful firewall does. Watch this episode to learn more about PCI DSS Req 1.3.5.
April 18, 2017/by KirkpatrickPrice
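Requirements 1.1.6, 1.1.7, 1.2.1, 1.3.3, 1.3.4 and 1.3.5 above all describe properties a firewall rule set either has or lacks, which makes the six-monthly rule set review a natural candidate for an automated first pass before a human reads the rules. The following Python script is an added example and is not code from KirkpatrickPrice or from the PCI Demystified series. It assumes the rule set is exported in iptables-save format, that eth0 is the Internet-facing interface, and that each permitted rule carries its business justification and change ticket in an iptables comment; the two rule sets, the 203.0.113.10 address and the CHG- ticket numbers are constructed for illustration.

```python
"""Automated pre-review of an iptables-save style rule set against the
PCI DSS Requirement 1 controls discussed on this page (added example;
not KirkpatrickPrice tooling). Interface name, addresses, rule sets and
change ticket numbers are constructed for illustration."""
import ipaddress
import shlex

# Source ranges that must never arrive on the Internet-facing interface
# (PCI DSS 1.3.3 anti-spoofing: RFC 1918 space plus loopback).
SPOOFABLE = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_ruleset(text):
    """Return (policies, rules): policies maps chain -> default target,
    rules is a list of dicts holding the options of each '-A' line."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):                      # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            toks = shlex.split(line)                  # honours quoted comments
            rule = {"chain": toks[1], "raw": line, "comment": None}
            for i, tok in enumerate(toks):
                if tok in ("-i", "-o", "-s", "-d", "-j", "-p", "--dport", "--ctstate"):
                    rule[tok] = toks[i + 1]
                elif tok == "--comment":
                    rule["comment"] = toks[i + 1]
            rules.append(rule)
    return policies, rules


def review_ruleset(text, wan_if="eth0"):
    """Return a list of findings; an empty list means no issues were found."""
    policies, rules = parse_ruleset(text)
    findings = []

    # 1.2.1 / 1.3.4: default deny for inbound, forwarded and outbound traffic.
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        if policies.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is "
                            f"{policies.get(chain, 'missing')}, expected DROP (1.2.1/1.3.4)")

    # 1.3.5: only established connections are admitted back into the network.
    if not any(r["chain"] == "INPUT" and r.get("-j") == "ACCEPT"
               and "ESTABLISHED" in r.get("--ctstate", "") for r in rules):
        findings.append("INPUT: no ESTABLISHED,RELATED accept rule (1.3.5)")

    # 1.3.3: every spoofable source range is dropped on the WAN interface.
    dropped = [ipaddress.ip_network(r["-s"]) for r in rules
               if r.get("-i") == wan_if and r.get("-j") == "DROP" and "-s" in r]
    for net in SPOOFABLE:
        if not any(net.subnet_of(d) for d in dropped):
            findings.append(f"{wan_if}: no anti-spoofing drop for source {net} (1.3.3)")

    # 1.1.6 / 1.1.7: each rule admitting new traffic states its business justification.
    for r in rules:
        if r.get("-j") == "ACCEPT" and "ESTABLISHED" not in r.get("--ctstate", ""):
            if not r["comment"]:
                findings.append(f"{r['chain']}: undocumented accept rule: {r['raw']} (1.1.6)")
    return findings


# Constructed 'before' rule set: permissive defaults and an unexplained opening.
WEAK_RULESET = """
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp --dport 3389 -j ACCEPT
"""

# Constructed hardened rule set for the same host (203.0.113.10 is the DMZ web tier).
HARDENED_RULESET = """
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-A INPUT -i eth0 -s 172.16.0.0/12 -j DROP
-A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp -d 203.0.113.10 --dport 443 -m comment --comment "CHG-1042: public HTTPS to DMZ web tier" -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -p udp --dport 123 -m comment --comment "CHG-0977: NTP to approved time source" -j ACCEPT
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_RULESET), ("hardened", HARDENED_RULESET)):
        print(f"== {name} ==")
        for finding in review_ruleset(text) or ["no findings"]:
            print(" -", finding)
```

Run against the constructed weak rule set the script reports nine findings (three default policies, the missing established-connections rule, four missing anti-spoofing drops, and the undocumented RDP opening); the hardened rule set produces none. A clean report is not compliance: the reviewer still has to confirm that each cited change ticket is real, approved, and still needed, which is the part of 1.1.7 no script can do.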
PCI DSS Requirement 1.3.6: Segregate the CDE from the DMZ

To meet PCI Requirement 1.3.6, your organization must place system components that store cardholder data, such as a database, in an internal network zone segregated from the DMZ and other untrusted networks; cardholder data must not be stored within the DMZ. Watch this episode to learn more about PCI DSS Requirement 1.3.6 and what it means to segregate the CDE from the DMZ.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.3.7: Do Not Disclose Private IP Addresses

What is PCI Requirement 1.3.7? The goal is to make it as difficult as possible for an attacker to map and break into your environment, so private IP addresses and routing information must not be disclosed to unauthorized parties. Watch this episode to learn more about PCI DSS Requirement 1.3.7 and the importance of protecting your private IP addresses.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.4: Install Personal Firewall Software

PCI Requirement 1.4 states, “Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network.” Watch this episode to learn more about PCI DSS Requirement 1.4.
April 18, 2017/by KirkpatrickPrice
PCI DSS Requirement 1.5: Ensure Security Policies are Known to all Affected Parties

PCI Requirement 1.5 is not only saying that your organization needs to maintain documented security policies and operational procedures for managing firewalls; the policies and procedures need to be known and in use by all relevant parties. Watch this episode to learn more about PCI DSS Requirement 1.5.
April 18, 2017/by KirkpatrickPrice