Install and maintain a firewall configuration to protect cardholder data |
All systems within organization’s card holder data environment (CDE) must be protected from access from untrusted networks. Firewalls represent key protection mechanism for networks, because they control the flow of traffic into and out of sensitive network areas and devices. Your corporate firewalls and routers may already provide great level of protection. However, as it pertains to endpoint protection, maintaining appropriate desktop firewall configurations for cardholder data protection remains a challenge due to the unknown risks of network connections that bypass established network topology. Examples include mobile device connection tethering or accidental usage of unsecure wireless networks setup in the same building.
NOTE: This requirement is included in the PCI DSS category called Build and Maintain a Secure Network and Systems.
1.1: Firewall and Router Configuration Standards
Assessment of desktop firewall configurations within a cardholder data environment
1.2: Restrict Connections Between Untrusted Networks and CDE
Examination of desktop firewall configurations to verify that connections from untrusted networks to workstations in CDE are restricted
1.3: Prohibit Direct Internet Access to CDE
Examination of desktop firewall configurations to verify that no direct access is allowed between the Internet and endpoints in the CDE
1.4: Personal Firewall Software
Install personal firewall on devices that connect to the Internet outside of internal network, but also used to access the CDE
Sign-up for Action1 Free Edition to receive real-time alerts and view instant data from your endpoints, such as alert on PCI DSS: Requirement 1 created, deleted or modified or run live or scheduled queries with the ability to export to CSV or Excel. Action1 Endpoint Security Platform is entirely SaaS, with online web interface (no management tools to install) and it has zero cost for basic functionality. Running in the Cloud, Action1 discovers all of your endpoints in seconds and you can query your entire network in plain English.
Endpoint configuration management in the Cloud
Manage endpoint configuration using plain English from the Cloud. Such as type 'Windows services' or 'reboot computer'.
Get results instantly from live systems and run automated actions.
Find more information on PCI DSS: Requirement 1
at Microsoft TechNet.