PCI DSS Requirement 1.3.4: Deny Unauthorized Outbound Traffic

by KirkpatrickPrice / December 22, 2022

Understanding PCI Requirement 1.3.4 One of the most important things you can do as an organization to harden your environment is to limit the outbound traffic from your cardholder data environment (CDE), or from any environment you consider sensitive, to the Internet. This outbound traffic should be limited to only what is necessary to support your business. If you do need Internet access for business purposes, that…

PCI DSS Requirement 1.3.3: Implement Anti-Spoofing Measures

by KirkpatrickPrice / December 19, 2022

PCI DSS Requirement 1.3.3 requires that organizations “implement anti-spoofing measures to detect and block forged source IP addresses from entering a network.” Assessors will be looking at your firewall and router configurations to verify that anti-spoofing measures are implemented. There are several types of spoofing attacks, but in general, a spoofing attack is a situation in which “a malicious party impersonates another device or user on a network in order…

PCI DSS Requirement 1.3.2: Limit Inbound Internet Traffic

by KirkpatrickPrice / December 22, 2022

What's in PCI Requirement 1.3.2? PCI Requirement 1.3.2 states, “Limit inbound Internet traffic to IP addresses within the DMZ and examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ.” PCI Requirement 1.3.2 requires that where your organization has established rules based on the list of approved protocols, ports, and services (from Requirement 1.1.6), traffic is stopped within the DMZ and…

PCI DSS Requirement 1.3.1: Establishing a DMZ

by KirkpatrickPrice / December 22, 2022

Understanding PCI Requirement 1.3.1 PCI DSS Requirement 1.3.1 requires that you, as an organization, develop and implement a DMZ, otherwise known as a demilitarized zone. What is the PCI DSS DMZ? The PCI DSS requirements often refer to DMZs, or demilitarized zones. A DMZ is a sub-network that separates the internal network, in this instance your CDE, from all other untrusted sources. The DMZ should be a place where your…

PCI DSS Requirement 1.3: Examine Firewall and Router Configurations

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.3? PCI Requirement 1.3 focuses on ensuring that you prohibit direct public traffic from the Internet into the Cardholder Data Environment (CDE). PCI Requirement 1.3 states, “Prohibit direct public access between the Internet and any system component in the Cardholder Data Environment.” The PCI DSS v3.2 says that the purpose for PCI Requirement 1.3 is to protect system components that store cardholder data. If the protections…