
PCI DSS Requirement 1.3.6: Segregate the CDE from the DMZ
What's in PCI Requirement 1.3.6? To meet PCI Requirement 1.3.6, your organization must not store cardholder data within the DMZ. PCI Requirement 1.3.6 states, “Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks.” PCI Requirement 1.3.6 also says, “Examine firewall and router configurations to verify that system components that store cardholder data are on an…



