PCI DSS Requirement 1.2: Restrict Connections to Untrusted Networks

by KirkpatrickPrice / December 22, 2022

PCI Requirement 1.2 states, “Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.” The PCI DSS considers any network that is out of your organization’s ability to control, or external to your organization’s network, as untrustworthy. Assessors will take the data found in PCI Requirement 1.1.6, which is your organization’s authorized ports, protocols, and services, and compare that data…

PCI DSS Requirement 1.1.7: Review Firewall and Router Rule Sets

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.7? There are several sub-requirements under the umbrella of Requirement 1. PCI Requirement 1.1.7 states that organizations should “review firewall and router rule sets at least every six months.” This requirement includes verifying that the firewall and router configuration standards and documentation relating to rule set reviews and personnel interviews are reviewed every six months. Unpacking PCI Requirement 1.1.7 How Does PCI Requirement 1.1.7 Impact PCI…

PCI DSS Requirement 1.1.6: Documentation of Business Justification and Approval

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.6? Your organization needs to restrict inbound and outbound traffic in and out of sensitive environments.  PCI DSS Requirement 1.1.6 relates specifically to the documentation of business justification and approval for use of all services, ports, and protocols. PCI DSS v3.2 insists that organizations restrict inbound and outbound traffic to and from sensitive areas to only that which is needed for business purposes. We find that…

PCI DSS Requirement 1.1.5: Defining Roles and Responsibilities for Managing Network Components

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.5? It’s not enough that you have a network set up with established policies, procedures, and processes. You also need to ensure that you have someone within your organization that has the formal responsibility of managing the network. PCI Requirement 1.1.5 states that it's necessary for your organization to have a "description of groups, roles, and responsibilities for management of network components." PCI Requirement 1.1.5 ensures…

PCI DSS Requirement 1.1.4: Establishing a Firewall and DMZ

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.4? PCI DSS Requirement 1.1.4 requires “a firewall at each internet connection and between any demilitarized zone (DMZ) and the internal network zone.” PCI DSS v3.2, the current version of the standard, says that the purpose behind PCI Requirement 1.1.4 is, “Using a firewall on every internet connection coming in to (and out of) the network, and between any DMZ and the internal network, allows the…