Requirement 1 Flashcards
Requirement 1
Install and maintain a firewall configuration to protect cardholder data.
Requirement 1.1
Inspect the firewall and router configuration standards and other documentation specified below and verify that standards are complete and implemented as follows.
Requirement 1.1.1
A formal process for approving and testing all network connections and changes to the firewall and router configurations.
Requirement 1.1.1.a
Examine documented procedures to verify there is a formal process for testing and approval of all network connections and changes to firewall and router configurations.
Requirement 1.1.1.b
For a sample of network connections, interview responsible personnel and examine records to verify that network connections were approved and tested.
Requirement 1.1.1.c
Identify a sample of actual changes made to firewall and router configurations, compare to the change records, and interview responsible personnel to verify the changes were approved and tested.
Requirement 1.1.2
Current diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.
Requirement 1.1.2.a
Examine the diagram(s) and observe network configurations to verify that a current network diagram exists and that it documents all connections to the cardholder data environment, including any wireless networks.
Requirement 1.1.2.b
Interview responsible personnel to verify that the diagram is kept current.
Requirement 1.1.3
Current diagram that shows all cardholder data flows across systems and networks.
Requirement 1.1.3.a
Examine data flow diagrams and interview personnel to verify the diagram shows all cardholder data flows across systems and networks and is kept current and updated as needed upon changes to the environment.
Requirement 1.1.4
Requirements for a firewall at each internet connection and between any demilitarized zone (DMZ) and the internal network.
Requirement 1.1.4.a
Examine the firewall configuration standards and verify that they include requirements for a firewall at each internet connection and between any DMZ and the internal network zone.
Requirement 1.1.4.b
Verify that the current network diagram is consistent with the firewall configuration standards.
Requirement 1.1.4.c
Observe network configurations to verify that a firewall is in place at each internet connection and between any demilitarized zone (DMZ) and the internal network zone, per the documented configuration standards and network zone.
Requirement 1.1.5
Description of groups, roles, and responsibilities for management of network components.
Requirement 1.1.5.a
Verify that firewall and router configuration standards include a description of groups, roles, and responsibilities for management of network components.
Requirement 1.1.5.b
Interview personnel responsible for management of network components to confirm that roles and responsibilities are assigned as documented.
Requirement 1.1.6
Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure (examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP v1 and v2).
Requirement 1.1.6.a
Verify that firewall and router configuration standards include a documented list of all services, protocols, and ports, including business justification for each - for example, hypertext transfer protocol (HTTP) and Secure Sockets Layer (SSL), Secure Shell (SSH), and Virtual Private Network (VPN) protocols.