PCI DSS Requirement 1.3.1: Establishing a DMZ
Understanding PCI Requirement 1.3.1
PCI DSS Requirement 1.3.1 requires that you, as an organization, develop and implement a DMZ, otherwise known as a demilitarized zone.
What is the PCI DSS DMZ?
The PCI DSS requirements often refer to DMZs, or demilitarized zones. A DMZ is a sub-network that separates the internal network, in this instance your CDE, from all untrusted sources. The DMZ is where your public-facing web services should live, and it keeps you from exposing your CDE – where cardholder data and other sensitive data exist – to the Internet.
PCI DSS Requirement 1.3.1
Requirement 1.3.1 requires that you, as an organization, develop a DMZ. The DMZ is established as a place where you can put your web services so that you are not exposing your credit card information, your credit card processing, or any of the services that handle cardholder data, to the Internet as a whole. What we look for here is that you do indeed have a DMZ. This DMZ can be established with two physical firewalls, or with a single firewall configured with two network zones and appropriate restrictions on the traffic allowed between them.
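The following is an added example, not part of the original article, that models the single-firewall/two-zone design just described. It keeps an ordered, default-deny rule base for three zones (Internet, DMZ, CDE), evaluates traffic first-match the way a stateful firewall does, audits the rule base for the 1.3.1 property (nothing from the Internet reaches the CDE directly, and nothing reaches the CDE on an unrestricted port), and renders the policy as an nftables forward chain. The interface names, subnets and ports are constructed for illustration; the code is not from any assessor or vendor.

```python
"""Model of the DMZ segmentation that PCI DSS Requirement 1.3.1 asks for.

Three zones: INTERNET (untrusted), DMZ (public-facing web tier) and CDE
(cardholder data environment). Rules are evaluated first-match with an
implicit default deny, as an ordered firewall rule base behaves.
All interface names, subnets and ports below are constructed examples.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNET, DMZ, CDE = "internet", "dmz", "cde"

# Constructed address plan: DMZ and CDE are separate subnets behind the firewall
# (RFC 5737 documentation ranges). Anything else is treated as the Internet.
ZONE_NETS = {
    DMZ: ip_network("192.0.2.0/24"),
    CDE: ip_network("198.51.100.0/24"),
}
# Constructed interface names used when rendering nftables rules.
ZONE_IFACE = {INTERNET: "wan0", DMZ: "dmz0", CDE: "cde0"}


def zone_of(addr: str) -> str:
    """Classify an IP address into a zone; unknown addresses are untrusted."""
    ip = ip_address(addr)
    for name, net in ZONE_NETS.items():
        if ip in net:
            return name
    return INTERNET


@dataclass(frozen=True)
class Rule:
    src: str                 # source zone
    dst: str                 # destination zone
    dport: Optional[int]     # TCP destination port, None = any port
    action: str              # "accept" or "drop"
    comment: str = ""


# Constructed policy: only HTTPS enters the DMZ, only the payment API port
# crosses from the DMZ into the CDE, and nothing else is permitted.
POLICY: List[Rule] = [
    Rule(INTERNET, DMZ, 443, "accept", "public HTTPS to the web tier"),
    Rule(DMZ, CDE, 8443, "accept", "web tier to payment API only"),
    Rule(DMZ, INTERNET, None, "drop", "DMZ must not initiate outbound"),
    Rule(CDE, INTERNET, None, "drop", "CDE never talks to the Internet directly"),
]


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """First-match evaluation of a new connection; default deny if nothing matches."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in policy:
        if r.src == src and r.dst == dst and (r.dport is None or r.dport == dport):
            return r.action
    return "drop"


def audit_1_3_1(policy: List[Rule]) -> List[str]:
    """Flag accept rules that would expose the CDE: direct Internet access,
    or an accept into the CDE that is not restricted to a single port."""
    findings = []
    for r in policy:
        if r.action != "accept" or r.dst != CDE:
            continue
        if r.src == INTERNET:
            findings.append(f"Internet reaches CDE directly: {r}")
        if r.dport is None:
            findings.append(f"unrestricted port range into CDE: {r}")
    return findings


def to_nftables(policy: List[Rule]) -> str:
    """Render the policy as an nftables forward chain with policy drop."""
    lines = [
        "table inet pci_segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in policy:
        match = f'iifname "{ZONE_IFACE[r.src]}" oifname "{ZONE_IFACE[r.dst]}"'
        if r.dport is not None:
            match += f" tcp dport {r.dport}"
        lines.append(f'    {match} {r.action} comment "{r.comment}"')
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_nftables(POLICY))
    print("findings:", audit_1_3_1(POLICY) or "none")
```

Running the script prints the rendered ruleset and an empty findings list; appending a rule such as `Rule(INTERNET, CDE, 443, "accept")` to the policy makes the audit report the direct exposure, which is the condition an assessor checking 1.3.1 is looking for.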