CHAPTER 9: ASPECTS OF PCI DSS COMPLIANCE

Requirement 1 (Install and maintain network security controls)

Requirement 1 is concerned with controlling network traffic into and out of the cardholder data environment (CDE). This includes traffic to and from the Internet and between internal trusted and untrusted networks (‘untrusted’ meaning a network not assessed for PCI compliance).

Older versions of the PCI DSS referred to firewalls and routers, but version 4 refers to network security controls (NSCs), recognising technologies such as the security groups used in Cloud environments.

The sub-requirements are as follows:

Processes and mechanisms for installing and maintaining network security controls are defined and understood.

Network security ...

Get PCI DSS Version 4.0 - A guide to the payment card industry data security standard now with the O’Reilly learning platform.
