PCI DSS Requirement 1.2.2: Secure and Synchronize Router Configuration Files

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.2.2? PCI DSS Requirement 1.2.2 states, “Secure and synchronize router configuration files.” This requirement focuses on enforcing the security and controls surrounding your organization’s firewall and router configurations. Before your PCI DSS assessment, your organization needs to determine, “Are our router and configuration files secured from unauthorized access?” There is a significant amount of information located within those configuration files: authentication information, certificates, keys, etc. This…

PCI DSS Requirement 1.2.1: Restrict Traffic to that which is Necessary

by KirkpatrickPrice / February 7, 2023

What is PCI Requirement 1.2.1? PCI DSS Requirement 1.2.1 focuses on organizations developing policies and procedures that restrict traffic to that which is absolutely necessary, both inbound and outbound, for business purposes. PCI Requirement 1.2.1 states, “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.” The goal of PCI Requirement 1.2.1 is to limit traffic to only essential,…

PCI DSS Requirement 1.2: Restrict Connections to Untrusted Networks

by KirkpatrickPrice / December 22, 2022

PCI Requirement 1.2 states, “Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.” The PCI DSS considers any network that is out of your organization’s ability to control, or external to your organization’s network, as untrustworthy. Assessors will take the data found in PCI Requirement 1.1.6, which is your organization’s authorized ports, protocols, and services, and compare that data…

PCI DSS Requirement 1.1.7: Review Firewall and Router Rule Sets

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.7? There are several sub-requirements under the umbrella of Requirement 1. PCI Requirement 1.1.7 states that organizations should “review firewall and router rule sets at least every six months.” This requirement includes verifying that the firewall and router configuration standards and documentation relating to rule set reviews and personnel interviews are reviewed every six months. Unpacking PCI Requirement 1.1.7 How Does PCI Requirement 1.1.7 Impact PCI…

PCI DSS Requirement 1.1.6: Documentation of Business Justification and Approval

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.6? Your organization needs to restrict inbound and outbound traffic in and out of sensitive environments. PCI DSS Requirement 1.1.6 relates specifically to the documentation of business justification and approval for use of all services, ports, and protocols. PCI DSS v3.2 insists that organizations restrict inbound and outbound traffic to and from sensitive areas to only that which is needed for business purposes. We find that…