1.3 Prohibit direct public access between the Internet and any system component in the cardholder data environment.
Recent Posts
1.3 Prohibit direct public access between the Internet and any system component in the cardholder data environment.
1.2 Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment. Note: An "untrusted network" is any network that is external to the networks belonging to the entity under review, and/or which is out of the entity’s ability to control or manage.
1.1 Establish firewall and router configuration standards that include the following: Firewalls and routers are the first line of defense for any network. These devices block unwanted traffic in and out of the network. Without policies and procedures in place to manage and document the changes and configurations to firewalls and routers, any organization could [...]
A firewall is basically a device that controls and limits network traffic; think of it as a gatekeeper. This requirement is looking to ensure that any network traffic into and out of the cardholder network is limited to only necessary and secure communications. When the auditor looks at this section he/she will want to [...]