Req 1

Question 1

Establish and implement firewall and router configuration standards

Answer 1

Requirement 1.1

Question 2

Build firewall and router configuration that restrict connections between untrusted networks and any system components in the cardholder data envirnment

Answer 2

Requirement 1.2

Question 3

Prohibit direct public access between the Internet and any system component in the cardholder data environment

Answer 3

Requirement 1.3

Question 4

Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owed) that connect to the Internet when outside the network (for example, laptop used by employees), and which are also used to access the CDE.

Answer 4

Requirement 1.4

Question 5

Ensure that security policies and operational procedures for managing firewall are documented, in use, and known to all affected parties

Answer 5

Requirement 1.5

Question 6

A formal process for approving and testing all network connections and changes to firewall and router configurations.

Answer 6

Requirement 1.1.1

Question 7

Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.

Answer 7

Requirement 1.1.2

Question 8

Current diagram that shows all cardholder DATA FLOWS across systems and networks.

Answer 8

Requirement 1.1.3

Question 9

Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone.

Answer 9

Requirement 1.1.4

Question 10

Description of groups, roles, and responsibilities for management of network components.

Answer 10

Requirement 1.1.5

Question 11

Documentation of business justification and approval for use of all service, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.

Answer 11

Requirement 1.1.6

Question 12

Requirement to review firewall and router rule sets at least every SIX months

Answer 12

Requirement 1.1.7

Question 13

Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.

Answer 13

Requirement 1.2.1

Question 14

Secure and synchronize router configuration files.

Answer 14

Requirement 1.2.2

Question 15

Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purpose, permit only authorized traffic between the wireless environment and the cardholder data environment.

Answer 15

Requirement 1.2.3

Question 16

Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.

Answer 16

Requirement 1.3.1

Question 17

Limit inbound Internet traffic to IP addresses within the DMZ,

Answer 17

Requirement 1.3.2

Question 18

Implement anti-spoofing measure to detect and block forged source IP addresses from entering the network.

Answer 18

Requirement 1.3.3

Question 19

Do not allow unauthorized outbound traffic from the cardholder data environment.

Answer 19

Requirement 1.3.4

Question 20

Permit only “established” connection into the network.

Answer 20

Requirement 1.3.5

Question 21

Place system components that store cardholder data (such as a database) in an internals network zone, segregated from the DMZ and other untrusted networks.

Answer 21

Requirement 1.3.6

Question 22

Do not disclose private IP addresses and routing information to unauthorized parties.

Answer 22

Requirement 1.3.7