THE 12 REQUIREMENTS
REQ. 1: KEEP A FIREWALL
Requirement 1 (Install and Maintain a Firewall Configuration)
is about controlling the traffic that enters and leaves your
CDE (both inbound and outbound).
- It also requires a proper change management process for
configuration changes, as well as up-to-date documentation of
the network topology and cardholder data flows;
Sub-requirements include:
- 1.1 Set Configuration Standards;
- 1.2 Restrict Connections Between Untrusted Networks;
- 1.3 Prohibit Public Direct Access From Internet to CDE;
- 1.4 Install Firewall Software on All Computers Accessing the CDE;
- 1.5 Document/Enforce Policies and Procedures;
1.1 Set Configuration Standards is all about having standards
for traffic configurations, security protocols and roles.
- Both the network topology and the CHD flows documented;
- A DMZ must separate internal networks from the Internet;
- A change management process for configuration changes;
- Regular (every six months) review of procedures and configurations;
1.3 Prohibit Public Direct Access From Internet to CDE is all
about preventing public traffic from reaching cardholder data (CHD):
- Creating a DMZ to limit inbound traffic;
- Anti-spoofing filters to prevent packets with spoofed (e.g. private) source IPs from entering;
- No direct traffic between the Internet and the CDE, in either direction;
- All CDE devices placed in local, isolated networks;
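The 1.1 and 1.3 points above can be turned into an automated check over a firewall rule set. The following is an added example, not part of the deck or of any vendor tool; the Rule format, the CDE subnet 10.20.0.0/24, the DMZ range 192.0.2.0/24 and the sample rules are constructed assumptions, and rules are evaluated with first-match semantics.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for this example: the CDE subnet, and the RFC 1918 ranges that
# must be denied as a source on the Internet-facing ("outside") interface (anti-spoofing).
CDE_NETS = [ipaddress.ip_network("10.20.0.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Rule:
    action: str   # "allow" or "deny"
    iface: str    # ingress interface: "outside" (Internet) or "inside" (local networks)
    src: str      # source prefix, or "any"
    dst: str      # destination prefix, or "any"
    port: str     # destination port, or "any"

def _net(prefix):
    return ipaddress.ip_network("0.0.0.0/0" if prefix == "any" else prefix)

def _in_cde(prefix):
    return any(_net(prefix).overlaps(c) for c in CDE_NETS)

def audit(rules):
    """Return (rule_index, finding) pairs for rules that break Req. 1.2 / 1.3; -1 = whole rule set."""
    findings = []
    antispoof_done = set()       # RFC 1918 ranges denied on "outside" before the first allow
    seen_outside_allow = False
    for i, r in enumerate(rules):
        if r.iface == "outside" and r.action == "deny" and not seen_outside_allow:
            antispoof_done.update(n for n in RFC1918 if n.subnet_of(_net(r.src)))
        if r.action != "allow":
            continue
        if r.iface == "outside":
            seen_outside_allow = True
            if _in_cde(r.dst):   # 1.3: inbound Internet traffic must end in the DMZ, not the CDE
                findings.append((i, "1.3: direct Internet-to-CDE access"))
        if r.iface == "inside" and _in_cde(r.src) and (r.dst == "any" or r.port == "any"):
            findings.append((i, "1.2: unrestricted outbound from CDE"))   # 1.2: explicit egress only
    for n in RFC1918:            # 1.3 anti-spoofing: every private range denied before any allow
        if n not in antispoof_done:
            findings.append((-1, f"1.3: no anti-spoofing deny for {n} on outside"))
    return findings

# Constructed sample rule set: DMZ web tier in 192.0.2.0/24, CDE in 10.20.0.0/24.
SAMPLE_RULES = [
    Rule("deny", "outside", "10.0.0.0/8", "any", "any"),
    Rule("deny", "outside", "192.168.0.0/16", "any", "any"),           # 172.16.0.0/12 is missing
    Rule("allow", "outside", "any", "192.0.2.0/24", "443"),             # Internet -> DMZ: fine
    Rule("allow", "outside", "any", "10.20.0.0/24", "3389"),            # Internet -> CDE: violation
    Rule("allow", "inside", "10.20.0.0/24", "192.0.2.50/32", "5432"),   # CDE -> one DMZ host: fine
    Rule("allow", "inside", "10.20.0.0/24", "any", "any"),              # CDE -> anywhere: violation
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE_RULES):
        print(idx, msg)
```

Running it reports the Internet-to-CDE rule, the unrestricted egress rule and the missing 172.16.0.0/12 anti-spoofing deny; fixing those three items brings the sample set to an empty findings list.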
1.5 Document/Enforce Policies and Procedures is simply about
making sure that staff know and follow the established security
policies and procedures.
- In essence, it's about staff training: making sure that
employees who operate equipment exposed to Internet traffic
know the procedures that keep it from becoming vulnerable;
EXAMPLES
KEY TAKEAWAYS