Requirement 1 Flashcards
What is requirement 1 in PCI DSS 3.2.1?
Install and maintain a firewall configuration to protect cardholder data
Which sub-requirement reads, “Establish and implement firewall and router configuration standards that include the following:”?
Requirement 1.1
Which sub-requirement reads, “Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment”?
Requirement 1.2
Which sub-requirement reads, “Prohibit direct public access between the Internet and any system component in the cardholder data environment.”?
Requirement 1.3
Which sub-requirement reads, “Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE. Firewall (or equivalent) configurations include:
Specific configuration settings are defined
Personal firewall (or equivalent functionality) is actively running
Personal firewall (or equivalent functionality) is not alterable by users of the portable computing devices”?
Requirement 1.4
Which sub-requirement reads, “Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties”?
Requirement 1.5
What is sub-requirement 1.1?
Establish and implement firewall and router configuration standards that include the following:
What is sub-requirement 1.2?
Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment
What is sub-requirement 1.3?
Prohibit direct public access between the Internet and any system component in the cardholder data environment.
What is sub-requirement 1.4?
Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the CDE. Firewall (or equivalent) configurations include:
Specific configuration settings are defined
Personal firewall (or equivalent functionality) is actively running
Personal firewall (or equivalent functionality) is not alterable by users of the portable computing devices
What is sub-requirement 1.5?
Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties
Which sub-sub-requirement reads, “A formal process for approving and testing all network connections and changes to the firewall and router configurations”?
1.1.1
The three testing procedures are:
1.1.1.a - Examine documented procedures to verify there is a formal process for testing and approval of all network connections and changes to firewall and router configurations.
1.1.1.b - For a sample of network connections, interview responsible personnel and examine records to verify that network connections were approved and tested.
1.1.1.c - Identify a sample of actual changes made to firewall and router configurations, compare to the change records, and interview responsible personnel to verify the changes were approved and tested.
Which sub-sub-requirement reads, “Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks”?
1.1.2
The two testing procedures are:
1.1.2.a - Examine diagram(s) and observe network configurations to verify that a current network diagram exists and that it documents all connections to cardholder data, including any wireless networks.
1.1.2.b - Interview responsible personnel to verify that the diagram is kept current.
Which sub-sub-requirement reads, “Current diagram that shows all cardholder data flows across systems and networks.”?
1.1.3
The testing procedure is:
1.1.3.a - Examine data-flow diagram and interview personnel to verify the diagram:
- shows all cardholder data flows across systems and networks
- is kept current and updated as needed upon changes to the environment
Which sub-sub-requirement reads, “Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone.”?
1.1.4
The three testing procedures are:
1.1.4.a - Examine the firewall configuration standards and verify that they include requirements for a firewall at each Internet connection and between any DMZ and the internal network zone.
1.1.4.b - Verify that the current network diagram is consistent with the firewall configuration standards.
1.1.4.c - Observe network configurations to verify that a firewall is in place at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone, per the documented configuration standards and network diagrams.