Requirement 1.1.1 is about effectively managing and maintaining the various policies and procedures specified throughout Requirement 1. While it is important to define the specific policies or procedures called out in Requirement 1, it is equally important to ensure they are properly documented, maintained, and disseminated.
It is important to update policies and procedures as needed to address changes in processes, technologies, and business objectives. For these reasons, consider updating these documents as soon as possible after a change occurs and not only on a periodic cycle.
Security policies define the entity’s security objectives and principles. Operational procedures describe how to perform activities, and define the controls, methods, and processes that are followed to achieve the desired result in a consistent manner and in accordance with policy objectives.
If roles and responsibilities are not formally assigned, personnel may not be aware of their day-to-day responsibilities and critical activities may not occur.
Roles and responsibilities may be documented within policies and procedures or maintained within separate documents. As part of communicating roles and responsibilities, entities can consider having personnel acknowledge their acceptance and understanding of their assigned roles and responsibilities.
A method to document roles and responsibilities is a responsibility assignment matrix that includes who is responsible, accountable, consulted, and informed (also called a RACI matrix).
Configuration standards for NSC rulesets help ensure that the baseline security of network components is consistently applied and maintained. Without defined standards, configurations may be inconsistent and leave vulnerabilities that could be exploited.
Configuration standards should be reviewed and updated as part of the organization's change management process. Standards should address all NSCs, including firewalls, routers, and cloud security groups.
NSC rulesets are the configuration settings that define what traffic is allowed or denied by network security controls such as firewalls, routers, and cloud security groups.
Unauthorized or unapproved changes to network connections or NSC configurations can create vulnerabilities and expose cardholder data. Managing changes through an established change control process helps ensure the security of the network is maintained.
Changes should be documented and approved before implementation. The change control process defined at Requirement 6.5.1 applies to all changes to network connections and NSC configurations, so a rule added to a firewall or cloud security group follows the same approval, testing, and back-out steps as a code or system change.
An accurate, up-to-date network diagram helps organizations understand their network architecture and the connections between the CDE and other networks. Without this understanding, configurations may be missed that could leave the CDE vulnerable to unauthorized access.
Network diagrams should be updated whenever there are changes to the network environment. Diagrams should clearly identify all connections to the CDE, including wireless networks, and should be reviewed periodically to ensure accuracy.
Supporting documentation for the network diagram may include topology diagrams showing the physical and logical layout of the network, the data-flow diagrams described below, and the NSC ruleset documentation, so that each connection into the CDE can be traced to the rule that permits it.
Accurate data-flow diagrams help organizations understand and keep track of how account data flows across systems and networks. This knowledge is critical for implementing appropriate security controls and for identifying where account data may be at risk.
Data-flow diagrams should be updated as changes occur to the environment. Diagrams should show all flows of account data, including authorization, capture, settlement, chargeback, and refund flows.
Allowing unnecessary or unidentified services, protocols, or ports creates additional attack vectors. Identifying and approving only those that have a legitimate business need reduces the attack surface and helps ensure that unauthorized services are not inadvertently enabled.
All allowed services, protocols, and ports should be documented with the associated business justification. Protocols and ports that are not needed should be explicitly denied in NSC rulesets.
Services, protocols, and ports that are considered insecure can provide opportunities for malicious individuals to gain unauthorized access. Defining and implementing security features to mitigate the risks associated with insecure services reduces exposure.
Where an insecure service cannot be avoided, security features such as encryption or additional authentication should be implemented to reduce the risk, and the business justification and residual risk for each insecure service should be documented and accepted by management.
Examples of insecure services include FTP, Telnet, POP3, IMAP, SNMP v1 and v2, and SSL and early versions of TLS. Security features to mitigate risk include encrypting the data channel or wrapping the insecure protocol in an encrypted tunnel.
NSC configurations can become outdated over time as business requirements change, technologies evolve, or new vulnerabilities are discovered. Periodic reviews help ensure that configurations remain relevant and effective in protecting the CDE.
Reviews should confirm that all rules are still needed, that temporary rules have been removed, and that configurations align with current business requirements. Reviews should be performed at least every six months and documented.
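The review points in the paragraphs above (every allowed service has a documented business need, insecure services carry a security feature, temporary rules are removed once expired, and unneeded traffic is explicitly denied) are mechanical enough to script. The following is an added example, not text or code from the PCI DSS guidance or from any firewall vendor; the one-rule-per-line key=value format and the sample ruleset are constructed for this example and are hypothetical.

```python
"""Added example: audit a constructed NSC ruleset for the review points
above (undocumented allow rules, unmitigated insecure services, expired
temporary rules, missing default deny). The line format is hypothetical
for this example, not the syntax of any real firewall product."""
import shlex
from datetime import date

# Services the guidance lists as insecure when used without security
# features such as an encrypted tunnel.
INSECURE_SERVICES = {"ftp", "telnet", "pop3", "imap", "snmpv1", "snmpv2"}

# Constructed sample ruleset (hypothetical format: one rule per line,
# whitespace-separated key=value fields, '#' comments, quoted values).
SAMPLE_RULESET = """\
# id action src dst port svc just [expires] [mitigation]
id=10 action=allow src=10.1.0.0/24 dst=10.2.0.5 port=443 svc=https just="POS to payment gateway"
id=20 action=allow src=10.1.0.0/24 dst=10.2.0.9 port=21 svc=ftp just="Legacy batch settlement"
id=30 action=allow src=10.1.0.0/24 dst=10.2.0.9 port=23 svc=telnet just="Vendor console" mitigation="Only inside IPsec tunnel from jump host"
id=40 action=allow src=0.0.0.0/0 dst=10.2.0.5 port=8080 svc=http just="Temp vendor troubleshooting" expires=2024-01-31
id=50 action=allow src=10.3.0.0/24 dst=10.2.0.5 port=3389 svc=rdp
id=60 action=deny src=any dst=any port=any svc=any just="Default deny"
"""


def parse_ruleset(text):
    """Turn the text format into a list of dicts, one per rule, in order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # shlex honours the quotes, so just="a b c" becomes one token.
        rules.append(dict(tok.split("=", 1) for tok in shlex.split(line)))
    return rules


def is_default_deny(rule):
    """True for a deny rule that matches any source, destination, port and service."""
    return rule.get("action") == "deny" and all(
        rule.get(k) == "any" for k in ("src", "dst", "port", "svc"))


def audit_ruleset(text, today):
    """Return (rule id, finding) pairs in rule order; today is an ISO date string."""
    today = date.fromisoformat(today)
    rules = parse_ruleset(text)
    findings = []
    for r in rules:
        rid = r.get("id", "?")
        if r.get("action") == "allow":
            if not r.get("just"):
                findings.append((rid, "allow rule without business justification"))
            if r.get("src") in ("any", "0.0.0.0/0"):
                findings.append((rid, "allow rule from any source"))
            if r.get("svc") in INSECURE_SERVICES and not r.get("mitigation"):
                findings.append((rid, f"insecure service {r['svc']} without security feature"))
        # Temporary rules carry an expiry; anything past it should have been removed.
        if "expires" in r and date.fromisoformat(r["expires"]) < today:
            findings.append((rid, f"temporary rule expired {r['expires']}"))
    # The last rule must be an explicit deny-all, otherwise unlisted traffic
    # depends on the device's implicit behaviour rather than a documented decision.
    if not rules or not is_default_deny(rules[-1]):
        findings.append(("ruleset", "no explicit default deny as final rule"))
    return findings


if __name__ == "__main__":
    for rid, msg in audit_ruleset(SAMPLE_RULESET, "2024-06-01"):
        print(f"rule {rid}: {msg}")
```

Run against the sample with a review date of 2024-06-01, the audit flags rule 20 (FTP with no security feature), rule 40 twice (open to any source, and a temporary rule that expired in January), and rule 50 (no business justification); rule 30 passes because the Telnet rule records its mitigation, and the ruleset passes the default-deny check because rule 60 is an explicit deny-all. The findings list is what goes into the six-monthly review record alongside the decision taken on each rule.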
Configuration files for NSCs contain sensitive information about the network security architecture. If these files are not properly secured, unauthorized individuals could gain access to this information and use it to compromise the network.
Access to configuration files should be restricted to authorized personnel only. The active (running) configuration should match the stored (startup) configuration, so that a reboot does not silently revert the NSC to an older ruleset and so that changes made live without approval are detected. Configuration files should be stored securely and backed up regularly.
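One concrete way to check that the running and startup configurations agree, and to detect a live change that bypassed change control, is to normalize both snapshots, diff them, and record a fingerprint of the approved version. The following is an added example, not code from the PCI DSS guidance or from any device vendor; the two configuration snapshots are constructed in a generic IOS-like syntax and are not captured from a real device.

```python
"""Added example: detect drift between an NSC's stored (startup) and
active (running) configuration, ignoring volatile lines, and fingerprint
the normalized text so a change is visible without reading the whole file.
Both snapshots below are constructed in a generic IOS-like syntax; they
are not captured from a real device."""
import difflib
import hashlib

# Constructed startup configuration (what the device loads on reboot).
STARTUP_CONFIG = """\
! Last configuration change at 09:12:01 UTC Mon Jan 8 2024
hostname cde-edge-fw1
ip access-list extended CDE_IN
 permit tcp 10.1.0.0 0.0.0.255 host 10.2.0.5 eq 443
 deny ip any any log
!
line vty 0 4
 transport input ssh
"""

# Constructed running configuration: someone added an allow rule from any
# source and enabled Telnet management without saving or approving it.
RUNNING_CONFIG = """\
! Last configuration change at 14:47:30 UTC Wed Feb 14 2024
hostname cde-edge-fw1
ip access-list extended CDE_IN
 permit tcp 10.1.0.0 0.0.0.255 host 10.2.0.5 eq 443
 permit tcp any host 10.2.0.5 eq 8080
 deny ip any any log
!
line vty 0 4
 transport input ssh telnet
"""


def normalize(config_text):
    """Drop blank and '!' lines (comments and the change timestamp, which
    differ on every save) and trailing whitespace so only settings are compared."""
    return [line.rstrip() for line in config_text.splitlines()
            if line.strip() and not line.startswith("!")]


def config_fingerprint(config_text):
    """SHA-256 of the normalized configuration; record it with each approved change."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()


def config_drift(startup_text, running_text):
    """Return (added, removed): lines only in running / only in startup."""
    added, removed = [], []
    for d in difflib.ndiff(normalize(startup_text), normalize(running_text)):
        tag, text = d[:2], d[2:]   # ndiff prefixes each line with '+ ', '- ', '  ' or '? '
        if tag == "+ ":
            added.append(text)
        elif tag == "- ":
            removed.append(text)
    return added, removed


if __name__ == "__main__":
    added, removed = config_drift(STARTUP_CONFIG, RUNNING_CONFIG)
    print("approved fingerprint:", config_fingerprint(STARTUP_CONFIG))
    print("running fingerprint: ", config_fingerprint(RUNNING_CONFIG))
    for line in added:
        print("+", line)
    for line in removed:
        print("-", line)
```

On the sample snapshots the diff shows the unapproved allow from any source on port 8080 and the Telnet transport added to the management line, while the changed timestamp produces no noise. In practice the approved fingerprint is stored with the change ticket, and a scheduled job compares it against the running configuration so that drift is caught between the six-monthly ruleset reviews rather than at them.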
NSC rulesets are the configuration settings that define what traffic is allowed or denied by network security controls such as firewalls, routers, and cloud security groups.
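The review points above (deny-by-default, a business justification for every allowed service, insecure services only with a documented mitigation and management acceptance, expired temporary rules, and the six-month review) can be checked mechanically against a documented ruleset. The following is an added example, not part of the standard's guidance; the Rule format, host names and dates are constructed for illustration.

```python
"""Audit a documented NSC ruleset against the points the guidance raises:
deny-by-default inbound and outbound, a business justification on every
allow rule, insecure services (FTP, Telnet, early SSL/TLS) without a
documented mitigation and management risk acceptance, temporary rules past
their expiry, and rules not reviewed within six months.
The Rule format and the sample rules below are constructed for this example."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Services the guidance names as insecure (constructed set of service labels).
INSECURE_SERVICES = {"ftp", "telnet", "sslv2", "sslv3", "tls1.0", "tls1.1"}
REVIEW_INTERVAL = timedelta(days=183)  # "at least every six months"


@dataclass
class Rule:
    rule_id: str
    direction: str                   # "inbound" or "outbound" relative to the CDE
    action: str                      # "allow" or "deny"
    service: str                     # e.g. "https", "ftp", or "any"
    src: str
    dst: str
    justification: str = ""          # business need for an allow rule
    mitigation: str = ""             # e.g. "wrapped in an IPsec tunnel"
    risk_accepted_by: str = ""       # manager who accepted the residual risk
    expires: Optional[date] = None   # set only on temporary rules
    last_reviewed: Optional[date] = None


def audit_ruleset(rules: List[Rule], today: date) -> List[str]:
    """Return one finding string per problem; an empty list means the ruleset
    satisfies every check implemented here."""
    findings: List[str] = []
    # Deny-by-default: the last rule in each direction must be "deny any".
    for direction in ("inbound", "outbound"):
        dir_rules = [r for r in rules if r.direction == direction]
        last = dir_rules[-1] if dir_rules else None
        if last is None or last.action != "deny" or last.service != "any":
            findings.append(f"{direction}: no final deny-all rule")
    for r in rules:
        if r.action == "allow" and not r.justification.strip():
            findings.append(f"{r.rule_id}: allow rule without business justification")
        if r.action == "allow" and r.service in INSECURE_SERVICES \
                and not (r.mitigation and r.risk_accepted_by):
            findings.append(f"{r.rule_id}: insecure service {r.service} allowed "
                            "without documented mitigation and risk acceptance")
        if r.expires is not None and r.expires < today:
            findings.append(f"{r.rule_id}: temporary rule expired on {r.expires}")
        if r.last_reviewed is None or today - r.last_reviewed > REVIEW_INTERVAL:
            findings.append(f"{r.rule_id}: not reviewed within six months")
    return findings


# Constructed sample ruleset; host names and dates are illustrative only.
TODAY = date(2024, 6, 1)
SAMPLE_RULES = [
    Rule("R1", "inbound", "allow", "https", "dmz-proxy", "cde-web",
         justification="payment page served via DMZ reverse proxy",
         last_reviewed=date(2024, 3, 1)),
    Rule("R2", "inbound", "allow", "ftp", "partner-net", "cde-batch",
         justification="legacy settlement file transfer",
         last_reviewed=date(2024, 3, 1)),            # no mitigation, no acceptance
    Rule("R3", "inbound", "allow", "ssh", "jump-host", "cde-db",
         expires=date(2024, 5, 15),                   # temporary migration rule
         last_reviewed=date(2024, 3, 1)),            # and no justification
    Rule("R4", "inbound", "deny", "any", "any", "cde",
         last_reviewed=date(2024, 3, 1)),
    Rule("R5", "outbound", "allow", "https", "cde-app", "acquirer-gateway",
         justification="authorization and settlement traffic",
         last_reviewed=date(2023, 10, 1)),           # review overdue
    # No outbound "deny any" rule is present, which the audit must flag.
]


def sample_findings() -> List[str]:
    return audit_ruleset(SAMPLE_RULES, TODAY)


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

Each finding maps to one of the review points in the guidance, so the output doubles as the documented evidence of the periodic review.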
Restricting inbound traffic to the CDE to only necessary communications helps ensure that unauthorized or malicious traffic cannot reach systems that store, process, or transmit cardholder data. Without such restrictions, the CDE may be exposed to attacks from external or untrusted sources.
NSC rulesets should explicitly define what traffic is allowed into the CDE and deny all other traffic by default. Rules should be based on the principle of least privilege, allowing only the minimum necessary traffic.
Restricting outbound traffic from the CDE helps prevent data exfiltration and limits the ability of attackers to communicate with external command-and-control servers. Unauthorized outbound connections from the CDE may indicate that systems have been compromised.
Outbound traffic should be limited to only what is necessary for business operations, such as payment processing. All other outbound traffic should be denied by default. Egress filtering should be implemented at the network perimeter.
Wireless networks present unique security risks because the wireless signal can extend beyond the physical boundaries of the organization. NSCs between wireless networks and the CDE help ensure that wireless traffic is properly controlled and that unauthorized wireless access to the CDE is prevented.
All wireless traffic into the CDE should be denied by default, with specific rules allowing only authorized and necessary traffic. Wireless networks should be treated as untrusted networks regardless of whether they are within the organization's physical perimeter.
NSCs between trusted and untrusted networks are essential for controlling the flow of traffic and preventing unauthorized access. Without these controls, untrusted networks could directly access systems and data in trusted network segments.
NSCs should be placed at all connection points between trusted and untrusted networks. This includes connections to the Internet, partner networks, and other external networks. The NSCs should enforce policies that restrict traffic to only what is necessary.
Restricting inbound traffic from untrusted networks helps prevent unauthorized access and reduces the risk of attacks against systems in trusted network segments. Allowing only necessary traffic minimizes the attack surface.
Inbound traffic from untrusted networks should be limited to communications with system components that are authorized to provide publicly accessible services, protocols, and ports. All other inbound traffic should be denied.
Untrusted networks include any network that is external to the networks belonging to the entity under review, or that is out of the entity's ability to control or manage.
Anti-spoofing measures help prevent attackers from using forged source IP addresses to bypass network security controls. Without these measures, traffic from untrusted networks could appear to originate from trusted internal networks.
NSCs should be configured to detect and block traffic with spoofed source addresses. This includes implementing ingress filtering to verify that source addresses are valid and egress filtering to prevent internal addresses from leaving the network.
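The ingress and egress filtering just described reduces to a per-interface source-address check. The following is an added example, not the standard's own text or any vendor's configuration; the interface names, address ranges and sample packets are constructed, and it generalises the ingress/egress pair to any number of internal segments.

```python
"""Anti-spoofing filter for an NSC at a trusted/untrusted boundary, written as
a per-interface source-address check: ingress filtering on the untrusted side
drops packets claiming an internal or otherwise never-valid source, and egress
filtering on each trusted side drops packets whose source is not in that
segment's assigned range. Interface names, ranges and packets are constructed."""
import ipaddress
from typing import List, Tuple

# Address ranges assigned to each trusted interface (constructed).
INTERNAL_SEGMENTS = {
    "inside": [ipaddress.ip_network("10.0.0.0/8")],
    "dmz":    [ipaddress.ip_network("192.168.100.0/24")],
}
# Sources that can never legitimately arrive from the untrusted side: every
# internal range above plus loopback, link-local, unused RFC 1918 space,
# multicast and reserved space.
NEVER_VALID_FROM_OUTSIDE = [
    net for nets in INTERNAL_SEGMENTS.values() for net in nets
] + [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, nets) -> bool:
    return any(addr in n for n in nets)


def filter_packet(ingress_iface: str, src_ip: str) -> Tuple[str, str]:
    """Return ("accept" | "drop", reason) for a packet that arrived on
    ingress_iface with source address src_ip."""
    src = ipaddress.ip_address(src_ip)
    if ingress_iface == "outside":
        # Ingress filtering: an external peer cannot own one of our addresses.
        if _in_any(src, NEVER_VALID_FROM_OUTSIDE):
            return "drop", f"ingress: source {src} cannot originate outside"
        return "accept", "ingress: plausible external source"
    expected = INTERNAL_SEGMENTS.get(ingress_iface)
    if expected is None:
        return "drop", f"unknown interface {ingress_iface}"
    if not _in_any(src, expected):
        # Egress filtering: a host on this segment claiming any other address
        # is spoofing or misrouted; dropping it also keeps internal addresses
        # from leaving the network on the wrong interface.
        return "drop", f"egress: source {src} is not assigned to {ingress_iface}"
    return "accept", f"egress: source {src} belongs to {ingress_iface}"


# Constructed sample traffic as (interface, source). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for public addresses.
SAMPLE_PACKETS = [
    ("outside", "203.0.113.7"),     # ordinary external client
    ("outside", "10.1.2.3"),        # claims our internal space: spoofed
    ("outside", "127.0.0.1"),       # loopback on the wire: never valid
    ("inside",  "10.1.2.3"),        # legitimate internal host going out
    ("inside",  "198.51.100.99"),   # internal host spoofing a public source
    ("dmz",     "192.168.100.5"),   # DMZ host with its own address
    ("dmz",     "10.1.2.3"),        # DMZ host claiming an inside address
]


def evaluate(packets) -> List[str]:
    """Verdict per packet, in input order."""
    return [filter_packet(iface, src)[0] for iface, src in packets]


if __name__ == "__main__":
    for (iface, src), verdict in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{iface:8} {src:16} {verdict}")
```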
System components that store cardholder data should not be directly accessible from untrusted networks. Placing these components in an internal network zone behind a DMZ or other security controls helps protect them from direct attack.
Systems that store cardholder data should be placed in internal network zones that are not directly accessible from the Internet or other untrusted networks. Access to these systems should be mediated through proxy servers, application firewalls, or other security controls.
Disclosing internal IP addresses and routing information to external parties can provide attackers with valuable information about the internal network topology, making it easier to target specific systems. Restricting disclosure of this information helps maintain the confidentiality of the network architecture.
Techniques such as Network Address Translation (NAT), placing systems behind proxy servers, and using private IP address spaces help prevent the disclosure of internal addressing information. Only authorized individuals should have access to internal routing information.
Computing devices that connect to both untrusted networks and the CDE can serve as entry points for attackers to access the CDE. If such devices are compromised while connected to an untrusted network, the compromise could extend into the CDE. Security controls on these devices help mitigate this risk.
Personal firewall or equivalent functionality should be active on all portable computing devices and devices owned by employees that connect to both the Internet and the CDE. The security controls should be configured according to specific organizational standards and should not be alterable by users without authorization.
A personal firewall is a software-based security control that monitors and controls network traffic to and from a computing device. Equivalent functionality may be provided by endpoint security software or other security tools.