PCI DSS Requirement 1.1.7: Review Firewall and Router Rule Sets

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.7? There are several sub-requirements under the umbrella of Requirement 1. PCI Requirement 1.1.7 states that organizations should “review firewall and router rule sets at least every six months.” This requirement includes verifying that the firewall and router configuration standards and documentation relating to rule set reviews and personnel interviews are reviewed every six months. Unpacking PCI Requirement 1.1.7 How Does PCI Requirement 1.1.7 Impact PCI…

PCI DSS Requirement 1.1.6: Documentation of Business Justification and Approval

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.6? Your organization needs to restrict inbound and outbound traffic in and out of sensitive environments. PCI DSS Requirement 1.1.6 relates specifically to the documentation of business justification and approval for use of all services, ports, and protocols. PCI DSS v3.2 insists that organizations restrict inbound and outbound traffic to and from sensitive areas to only that which is needed for business purposes. We find that…

PCI DSS Requirement 1.1.5: Defining Roles and Responsibilities for Managing Network Components

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.5? It’s not enough that you have a network set up with established policies, procedures, and processes. You also need to ensure that you have someone within your organization who has the formal responsibility of managing the network. PCI Requirement 1.1.5 states that it’s necessary for your organization to have a “description of groups, roles, and responsibilities for management of network components.” PCI Requirement 1.1.5 ensures…

PCI DSS Requirement 1.1.4: Establishing a Firewall and DMZ

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.4? PCI DSS Requirement 1.1.4 requires “a firewall at each internet connection and between any demilitarized zone (DMZ) and the internal network zone.” PCI DSS v3.2, the current version of the standard, says that the purpose behind PCI Requirement 1.1.4 is, “Using a firewall on every internet connection coming in to (and out of) the network, and between any DMZ and the internal network, allows the…

PCI DSS Requirement 1.1.2 and 1.1.3: Network Documentation

by KirkpatrickPrice / December 19, 2022

What are PCI Requirement 1.1.2 & 1.1.3? PCI DSS Requirements 1.1.2 and 1.1.3 are all about maintaining network documentation. Network documentation consists of two things: a network diagram and a data flow diagram. An updated network diagram is required by PCI Requirement 1.1.2, which states that organizations must have a “current network diagram that identifies all connections between the Cardholder Data Environment (CDE) and other networks, including any wireless networks.”…