APPENDIX 5 – PCI DSS MAPPING TO ISO27001
PCI Number |
Description |
ISO27001:2005 Reference(s) |
Build and maintain secure network |
|
|
Requirement 1: Install and maintain a firewall configuration to protect data |
|
|
1.1 |
Are all router, switches, wireless access points, and firewall configurations secured and do they conform to documented security standards? |
|
1.2 |
If wireless technology is used, is the access to the network limited to authorised devices? |
10.6.1, 10.8.1, 11.4.2, 11.4.5, 11.7.1, 11.7.2 |
1.3 |
Do changes to the firewall need authorisation and are the changes logged? |
|
1.4 |
Is a firewall used to protect the network and limit traffic to that which is required to conduct business? |
11.4.5 |
1.5 |
Are egress and ingress filters installed ... |
Get PCI DSS: A Practical Guide to implementing and maintaining compliance, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.