Blog

PCI DSS Requirement 1.2.3: Install Firewalls Between all Wireless Networks and the CDE

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.2.3? Requirement 1.2.3 requires that organizations, “Install perimeter firewalls between all wireless networks and the Cardholder Data Environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.” So, what exactly does that mean? Requirement 1.2.3 is saying that your organization must install a firewall between any wireless network…

PCI DSS Requirement 1.2.2: Secure and Synchronize Router Configuration Files

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.2.2? PCI DSS Requirement 1.2.2 states, “Secure and synchronize router configuration files.” This requirement focuses on enforcing the security and controls surrounding your organization’s firewall and router configurations. Before your PCI DSS assessment, your organization needs to determine, “Are our router and configuration files secured from unauthorized access?” There is a significant amount of information located within those configuration files; authentication information, certificates, keys, etc. This…

PCI DSS Requirement 1.2.1: Restrict Traffic to that which is Necessary

by KirkpatrickPrice / February 7, 2023

What is PCI Requirement 1.2.1? PCI DSS Requirement 1.2.1 focuses around organizations developing policies and procedures that restrict traffic to that which is absolutely necessary, both inbound and outbound, for business purposes. PCI Requirement 1.2.1 states, “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.” The goal of PCI Requirement 1.2.1 is to limit traffic to only essential,…

PCI DSS Requirement 1.2: Restrict Connections to Untrusted Networks

by KirkpatrickPrice / December 22, 2022

PCI Requirement 1.2 states, “Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.” The PCI DSS considers any network that is out of your organization’s ability to control, or external to your organization’s network, as untrustworthy. Assessors will take the data found in PCI Requirement 1.1.6, which is your organization’s authorized ports, protocols, and services, and compare that data…

PCI DSS Requirement 1.1.7: Review Firewall and Router Rule Sets

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.7? There are several sub-requirements under the umbrella of Requirement 1. PCI Requirement 1.1.7 states that organizations should “review firewall and router rule sets at least every six months.” This requirement includes verifying that the firewall and router configuration standards and documentation relating to rule set reviews and personnel interviews are reviewed every six months. Unpacking PCI Requirement 1.1.7 How Does PCI Requirement 1.1.7 Impact PCI…

PCI DSS Requirement 1.2.3: Install Firewalls Between all Wireless Networks and the CDE

PCI DSS Requirement 1.2.2: Secure and Synchronize Router Configuration Files

PCI DSS Requirement 1.2.1: Restrict Traffic to that which is Necessary

PCI DSS Requirement 1.2: Restrict Connections to Untrusted Networks

PCI DSS Requirement 1.1.7: Review Firewall and Router Rule Sets

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.