Blog

PCI DSS Requirement 1.1.6: Documentation of Business Justification and Approval

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.6? Your organization needs to restrict inbound and outbound traffic in and out of sensitive environments. PCI DSS Requirement 1.1.6 relates specifically to the documentation of business justification and approval for use of all services, ports, and protocols. PCI DSS v3.2 insists that organizations restrict inbound and outbound traffic to and from sensitive areas to only that which is needed for business purposes. We find that…

PCI DSS Requirement 1.1.5: Defining Roles and Responsibilities for Managing Network Components

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.5? It’s not enough that you have a network set up with established policies, procedures, and processes. You also need to ensure that you have someone within your organization that has the formal responsibility of managing the network. PCI Requirement 1.1.5 states that it's necessary for your organization to have a "description of groups, roles, and responsibilities for management of network components." PCI Requirement 1.1.5 ensures…

PCI DSS Requirement 1.1.4: Establishing a Firewall and DMZ

by KirkpatrickPrice / December 22, 2022

What is PCI Requirement 1.1.4? PCI DSS Requirement 1.1.4 requires “a firewall at each internet connection and between any demilitarized zone (DMZ) and the internal network zone.” PCI DSS v3.2, the current version of the standard, says that the purpose behind PCI Requirement 1.1.4 is, “Using a firewall on every internet connection coming in to (and out of) the network, and between any DMZ and the internal network, allows the…

PCI DSS Requirement 1.1.2 and 1.1.3: Network Documentation

by KirkpatrickPrice / December 19, 2022

What are PCI Requirement 1.1.2 & 1.1.3? PCI DSS Requirements 1.1.2 and 1.1.3 are all about maintaining network documentation. Network documentation consists of two things: a network diagram and a data flow diagram. An updated network diagram is required by PCI Requirement 1.1.2, which states that organizations must have a “current network diagram that identifies all connections between the Cardholder Data Environment (CDE) and other networks, including any wireless networks.”…

PCI DSS Requirement 1.1.1: Implementing a Change Control Program

by KirkpatrickPrice / December 19, 2022

What is PCI Requirement 1.1.1? Your organization needs to ensure that you have the appropriate methods to control any changes into and out of your environment. PCI Requirement 1.1.1 requires, "a formal process for approving and testing all network connections and changes to the firewall and router configurations." The PCI DSS v3.2.1 states that PCI Requirement 1.1.1 exists because, "Without formal approval and testing of changes, records of the changes…

PCI DSS Requirement 1.1.6: Documentation of Business Justification and Approval

PCI DSS Requirement 1.1.5: Defining Roles and Responsibilities for Managing Network Components

PCI DSS Requirement 1.1.4: Establishing a Firewall and DMZ

PCI DSS Requirement 1.1.2 and 1.1.3: Network Documentation

PCI DSS Requirement 1.1.1: Implementing a Change Control Program

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.