Install and maintain a firewall configuration to protect cardholder data
All systems within an organization's cardholder data environment (CDE) must be protected from access from untrusted networks. Firewalls are a key protection mechanism for networks because they control the flow of traffic into and out of sensitive network areas and devices. Your corporate firewalls and routers may already provide a great level of protection. However, for endpoint protection, maintaining appropriate desktop firewall configurations for cardholder data protection remains a challenge because of the unknown risks of network connections that bypass the established network topology. Examples include mobile device connection tethering or accidental use of unsecured wireless networks set up in the same building.
NOTE: This requirement is included in the PCI DSS category called Build and Maintain a Secure Network and Systems.
1.1: Firewall and Router Configuration Standards
Assessment of desktop firewall configurations within a cardholder data environment
1.2: Restrict Connections Between Untrusted Networks and CDE
Examination of desktop firewall configurations to verify that connections from untrusted networks to workstations in the CDE are restricted
1.3: Prohibit Direct Internet Access to CDE
Examination of desktop firewall configurations to verify that no direct access is allowed between the Internet and endpoints in the CDE
1.4: Personal Firewall Software
Install a personal firewall on devices that connect to the Internet outside of the internal network but are also used to access the CDE
Sign up for Action1 Free Edition to streamline compliance efforts for your network of endpoints. For example, you can simplify assessments of PCI DSS: Requirement 1 for your internal or external auditors and create instant or regular compliance reports that prove your compliance while reducing costs. Action1 Endpoint Security Platform is entirely SaaS, with an online web interface (no management tools to install), and it has zero cost for basic functionality. Running in the cloud, Action1 discovers all of your endpoints within seconds and allows you to pass compliance audits and maintain continuous compliance with ease.
Respond to Threats in Real-Time
Ask questions in plain English such as "list of installed software" or "all running processes".
Get answers instantly from live systems or subscribe to real-time alerts.
Find more information on PCI DSS: Requirement 1 at Microsoft TechNet.