Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

3.0 PCI DSS Compliance > Requirement 1 > Flashcards

Requirement 1 Flashcards

1
Q

Requirement 1

A

Install and maintain a firewall configuration to protect cardholder data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Requirement 1.1

A

Inspect the firewall and router configuration standards and other documentation specified below and verify that standards are complete and implemented as follows.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Requirement 1.1.1

A

A formal process for approving and testing all network connections and changes to the firewall and router configurations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Requirement 1.1.1.a

A

Examine documented procedures to verify there is a formal process for testing and approval of all network connections and changes to firewall and router configurations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Requirement 1.1.1.b

A

For a sample of network connections, interview responsible personnel and examine records to verify that network connections were approved and tested.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Requirement 1.1.1.c

A

Identify a sample of actual changes made to firewall and router configurations, compare to the change records, and interview responsible personnel to verify the changes were approved and tested.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Requirement 1.1.2

A

Current diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Requirement 1.1.2.a

A

Examine the diagram(s) and observer network configurations to verify that a current network diagram exists and that it documents all connections to the cardholder data environment, including any wireless networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Requirement 1.1.2.b

A

Interview responsible personnel to verify that the diagram is kept current.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Requirement 1.1.3

A

Current diagram that shows all cardholder data flows across systems and networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Requirement 1.1.3.a

A

Examine data flow diagrams and interview personnel to verify the diagram shows all cardholder dta flows across systems and networks and is kept current and updated as needed upon changes to the environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Requirement 1.1.4

A

Requirements for a firewall at each internet connection and between any demilitarized zone (DMZ) and the internal network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Requirement 1.1.4.a

A

Examine the firewall configuration standards and verfiy that they include requirements for a firewall at each internet connection and between any DMZ and the internal network zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Requirement 1.1.4.b

A

Verify that the current network diagram is consistent with the firewall configuration standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Requirement 1.1.4.c

A

Observe network configurations to verify that a firewall is in place at each internet connection and between any demilitarized zone (DMZ) and the internal network zone, per the documented configuration standards and network zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Requirement 1.1.5

A

Description of groups, roles, and responsibilities for management of network components.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Requirement 1.1.5.a

A

Verify that firewall and router configuration standards include a description of groups, roles, and responsibilites for management of network components.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Requirement 1.1.5.b

A

Interview personnel responsible for management of network components to confirm that roles and responsibilities are assigned as documented.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Requirement 1.1.6

A

Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure (examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP v1 and v2)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Requirement 1.1.6.a

A

Verify that firewall and router configuration standards include a documented list of all services, protocols, and ports, including business justification for each - for example, hypertext transfer protocol (HTTP) and Secure Sockets Layer (SSL), Secure Shell (SSH), and Virtual Private Network (VPN) protocols.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Requirement 1.1.6.b

A

Identify insecure services, protocols, and ports allowed; and verify that security features are documented for each service.

22
Q

Requirement 1.1.6.c

A

Examine firewall and router configurations to verify that the documented security features are implemented for each insecure service, protocol, and port.

23
Q

Requirement 1.1.7

A

Requirement to review firewall and router rule sets at least every six months.

24
Q

Requirement 1.1.7.a

A

Verify that firewall and router configuration standards require review of firewall and router rule sets at least every six months.

25
Q

Requirement 1.1.7.b

A

Examine documentation relating to rule set reviews and interview responsible personnel to verify that rule sets are reviewed at least every six months.

26
Q

Requirement 1.2

A

Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment. // Note: an untrusted network is any network that is external to the networks belonging to the entity under review and/or which is out of the entity’s ability to control or manage. // Examien firewall and router configurations and perform the following to verify that connections are restricted between untrusted networks and system components in teh cardholder data environment.

27
Q

Requirement 1.2.1

A

Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically denty all other traffic.

28
Q

Requirement 1.2.1.a

A

Examine firewall and router configuration standards to verify that they identify inbound and outboud traffic necessary for the cardholder data environment.

29
Q

Requirement 1.2.1.b

A

Examine firewall and router configurations to verify that inbound and outboud traffic is limited to that which is necessary for the cardholder data environment.

30
Q

Requirement 1.2.1.c

A

Examine firewall and router configurations to verify that all other inbound and outbound traffic is specifically denied, for example by using an explicit “deny all” or an implicit deny after allow statement.

31
Q

Requirement 1.2.2

A

Secure and synchronise router configuration files

32
Q

Rquirement 1.2.2.a

A

Examine router configuration files to verify they are secured from unauthorised access.

33
Q

Requirement 1.2.2.b

A

Examine router configurations to verify they are synchronized - for example, the running (or active) configuration matches the start-up configuration (used when machines are booted)

34
Q

Requirement 1.2.3

A

Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorised traffic between the wireless environment and the cardholder data environment.

35
Q

Requirement 1.2.3.a

A

Examine fireall and router configurations to verify that there are perimeter firewalls installed between all wireless networks and the cardholder data environment.

36
Q

Requirement 1.2.3.b

A

Verify that the firewalls deny or, if traffic is necessary for business purposes, permit only authorised traffic between the wireless environment and the cardholder data environment.

37
Q

Requirement 1.3

A

Prohibit direct public access between the internet and any sysstem component in the cardholder data environment // Examine firewall and router configurations 0 including but not limited ot the choke router at the internet, the DMZ router and firewall, the DMZ cardholder segment, the perimeter router, and the internal cardholder network segment - and perform the following to determine that there is no direct access between the internet and system components in the internal carholder network segment.

38
Q

Requirement 1.3.1

A

Implement a DMZ to limit inbound traffic on only system components that provide authorised publically accessible srvices, protocols, and ports // Examine firewall and router configurations to verify that a DMZ is implemented to limit inbound traffic to only system components that provide authorised publically accessible services, protocols, and ports.

39
Q

Requirement 1.3.2

A

Limit inbound internet traffic to IP addresses within the DMZ // Examine firewall and router configurations to verify that inbound internet traffic is limited to IP addresses within the DMZ.

40
Q

Requirement 1.3.3

A

Do not allow any direction connections inbound or outbound for traffic between the internet and the cardholder data environment // Examine firewall and router configurations to verify direct connections inbound or outbound are not allowed for traffic between the internet and the cardholder data environment.

41
Q

Requirement 1.3.4

A

Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network (for example, block traffic irginating from the internet with an internal source address) // Eamine firewall and router configurations to verify that anti-spoofing measures are implemented, for example internal addresses cannot pass from the internet into the DMZ.

42
Q

Requirement 1.3.5

A

Do not allow unauthorised outbound traffic from the cardholder data environment to the internet // Examine firewall and router configurations to verify that outbound traffic from the cardholder data environment to the internet is explicitly authorised.

43
Q

Requirement 1.3.6

A

Implement stateful inspection, also known as dynamic packet filtering (that is, only “established” connections are allowed into the network.) // Examien firewall and router configurations to verify that the firewall performs stateful inpsection (dyynamic packet filtering). Only established connections should be allowed in, and only if they are associated with a previously established session.

44
Q

Requirement 1.3.7

A

Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks // Examien firewall and router configurations to verify that system components that store cardholder data are on an internal network zone, segregated from the DMZ and other untrusted networks.

45
Q

Requirement 1.3.8

A

Do not disclose private IP addresses and routing information to unauthorised parties (methods to obscure IP addressing may include, but are not limited to: network address translation (NAT), placing servers containing cardholder data behind proxy servers / firewalls, removal or filtering of route advertisements for private networks that employ registered addressing, internal use of RFC1918 address space instead of registered addresses).

46
Q

Requirement 1.3.8.a

A

Examine firewall and router configurations to verify that methods are in place to prevent the disclosure of private IP addresses and routing information from internal networks to the internet.

47
Q

Requirement 1.3.8.b

A

Interview personnel and examine documentation to verify that any disclosure of private IP adresses and routing information to external entities is authorised.

48
Q

Requirement 1.4

A

Install personal firewall software on any mobile and/or employee-owned devices that connect to the internet when outside the network (for example, laptops used by employees), and which are also used to access the network. Firewall configurations include: specific configuration settings are defined for firewall software, personal firewall software is actively running, and personal firewall software is not alterable by users of mobile and/or employee-owned devices.

49
Q

Requirement 1.4.a

A

Examine policies and configuration standards to verify personal firewall software is required for all mobile and/or employee owned devices that connect to the internet (for example laptops used by employees) when outside the network, and which are also used to access the network; specific configuration settings are defined for personal firewall software; personal firewall software is configured to actively run; and personal firewall software is configured to not be alterable by users of mobile and/or employee-owned devices.

50
Q

Requirement 1.4.b

A

Inspect a sample of mobile and/or employee owned devices to verify that personal firewall software is installed and configured per the organisation’s specific configuration settings; personal firewall software is actively running; and personal firewall software is not alterable by users of mobile and/or employee owned devices.

51
Q

Requirement 1.5

A

Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties.

3.0 PCI DSS Compliance (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions