PCI DSS Requirement 1.3: Examine Firewall and Router Configurations

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.3? PCI Requirement 1.3 focuses on ensuring that you prohibit direct public traffic from the Internet into the Cardholder Data Environment (CDE). PCI Requirement 1.3 states, “Prohibit direct public access between the Internet and any system component in the Cardholder Data Environment.” The PCI DSS v3.2 says that the purpose of PCI Requirement 1.3 is to protect system components that store cardholder data. If the protections…

PCI DSS Requirement 1.2.3: Install Firewalls Between all Wireless Networks and the CDE

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.2.3? Requirement 1.2.3 requires that organizations, “Install perimeter firewalls between all wireless networks and the Cardholder Data Environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.” So, what exactly does that mean? Requirement 1.2.3 is saying that your organization must install a firewall between any wireless network…

PCI DSS Requirement 1.2.2: Secure and Synchronize Router Configuration Files

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.2.2? PCI DSS Requirement 1.2.2 states, “Secure and synchronize router configuration files.” This requirement focuses on enforcing the security and controls surrounding your organization’s firewall and router configurations. Before your PCI DSS assessment, your organization needs to determine, “Are our router and configuration files secured from unauthorized access?” There is a significant amount of information located within those configuration files: authentication information, certificates, keys, etc. This…

PCI DSS Requirement 1.2.1: Restrict Traffic to that which is Necessary

by KirkpatrickPrice / February 7, 2023

What is PCI Requirement 1.2.1? PCI DSS Requirement 1.2.1 focuses on organizations developing policies and procedures that restrict traffic, both inbound and outbound, to that which is absolutely necessary for business purposes. PCI Requirement 1.2.1 states, “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.” The goal of PCI Requirement 1.2.1 is to limit traffic to only essential,…

PCI DSS Requirement 1.2: Restrict Connections to Untrusted Networks

by KirkpatrickPrice / December 22, 2022

PCI Requirement 1.2 states, “Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.” The PCI DSS considers any network that is outside your organization’s ability to control, or external to your organization’s network, as untrustworthy. Assessors will take the data found in PCI Requirement 1.1.6, which is your organization’s authorized ports, protocols, and services, and compare that data…