Req 1: Install and Maintain Network Security Controls
Protect your network from unauthorized access.
Responsibility: Shared
Compliance Status: Compliant (100%)
Overview
Network security controls (NSCs), such as firewalls, are essential for protecting your network. This requirement focuses on properly configuring and maintaining these controls to prevent unauthorized access to and from your network.
Key Actions for Compliance
A non-exhaustive list of actions your organization should take to meet this requirement.
- Define and document all network connections and firewall configurations.
- Establish and implement firewall and router configuration standards.
- Review firewall and router rule sets at least every six months.
- Restrict inbound and outbound traffic to only that which is necessary for the cardholder data environment (CDE).
Testing Procedures (Simplified)
How auditors may verify that this requirement is met.
- Examine network diagrams and firewall configurations to verify that traffic is restricted to only what is necessary.
- Interview personnel to confirm that firewall and router configurations are reviewed at least every six months.
- Verify that there is a formal process for approving and testing all network connections and changes to the firewall and router configurations.