Requirement 1: Network Security Controls

Install and maintain network security controls to protect cardholder data

Requirement 1: Network Security Controls

1.1 Firewall Configuration

Description

Establish and implement firewall and router configuration standards.

Implementation

Restrict inbound and outbound traffic to only necessary protocols
Secure and synchronize router configuration files
Build firewall and router configurations that restrict connections

Testing Procedures

Verify firewall and router configuration standards exist
Examine network diagrams to identify all connections
Review firewall and router configurations

1.2 Router Security

Description

Secure configuration of all network components.

Implementation

Change vendor defaults (passwords, SNMP strings)
Implement only one primary function per server
Disable unnecessary services, protocols, daemons

Testing Procedures

Verify vendor defaults are changed
Verify unnecessary services are disabled
Check that only required functionality is enabled

1.3 Network Segmentation

Description

Properly segment networks to isolate cardholder data environment.

Implementation

Document all network connections and data flows
Implement DMZ to limit inbound traffic
Restrict outbound traffic from cardholder data environment

Testing Procedures

Verify network segmentation controls are in place
Test traffic flows between zones
Verify documentation of all connections

PreviousOverview

Next2: Secure Configurations

On this page

1.1 Firewall Configuration Description Implementation Testing Procedures 1.2 Router Security Description Implementation Testing Procedures 1.3 Network Segmentation Description Implementation Testing Procedures