PCIP - Chapter 3 - PCI DSS Requirement 1 fully solved
2023
What is Requirement 1
Install and maintain a firewall and router configuration to protect cardholder data
What does a firewall do?
(1) This controls traffic between an entity's internal networks and untrusted networks, as
well as traffic into and out of sensitive areas such as the entity's cardholder data
environment.
(2) They examine and control all network traffic while blocking transmissions that do not
meet the specified rules that exist within the configuration settings.
(3) All systems within the cardholder data environment must be protected from
unauthorized access from any untrusted networks, and firewalls play a key role in
providing such protection.
Req. 1.1.1 A formal process for approving and testing all network connections
and change to the firewall and router configurations
Why? Without approval and testing of changes, records of changes may not be updated
which could lead to inconsistencies between network documentation and actual
configuration.
1.1.2 Have a current network diagram that identifies all connections between the
cardholder data environment and other networks including wireless networks
Why? Without current network diagrams, devices could be overlooked and be
unknowingly left out of the security controls implemented for PCI DSS and thus be
vulnerable to compromis
1.1.3 Have a current diagram that shows all cardholder data flows across systems
and networks
Why? Network and cardholder data flow diagrams help an organization to understand
and keep track of the scope of their environment, by showing how cardholder data flows
across networks and between individual systems and devices.
1.1.4 Requirements for a firewall at each Internet connection and between any
demilitarized zone and the internal network zone.
Why? Using a firewall on every Internet connection coming into (and out of) the network
and between any DMZ and the internal network allows the organization to monitor and
control access and minimizes the chances of a malicious individual obtaining access to
the internal network via an unprotected connection
1.1.5 Description of groups, roles and responsibilities for management of network
components
Why? This description of roles and assignment of responsibilities ensures that
personnel are aware of who is responsible for the security of all network components,
and that those to manage components are aware of their responsibilities.
1.1.6 Documentation of business justification and approval for use of all services,
protocols and ports allowed including documentation of security features
implemented for those protocols considered to be insecure
2023
What is Requirement 1
Install and maintain a firewall and router configuration to protect cardholder data
What does a firewall do?
(1) This controls traffic between an entity's internal networks and untrusted networks, as
well as traffic into and out of sensitive areas such as the entity's cardholder data
environment.
(2) They examine and control all network traffic while blocking transmissions that do not
meet the specified rules that exist within the configuration settings.
(3) All systems within the cardholder data environment must be protected from
unauthorized access from any untrusted networks, and firewalls play a key role in
providing such protection.
Req. 1.1.1 A formal process for approving and testing all network connections
and change to the firewall and router configurations
Why? Without approval and testing of changes, records of changes may not be updated
which could lead to inconsistencies between network documentation and actual
configuration.
1.1.2 Have a current network diagram that identifies all connections between the
cardholder data environment and other networks including wireless networks
Why? Without current network diagrams, devices could be overlooked and be
unknowingly left out of the security controls implemented for PCI DSS and thus be
vulnerable to compromis
1.1.3 Have a current diagram that shows all cardholder data flows across systems
and networks
Why? Network and cardholder data flow diagrams help an organization to understand
and keep track of the scope of their environment, by showing how cardholder data flows
across networks and between individual systems and devices.
1.1.4 Requirements for a firewall at each Internet connection and between any
demilitarized zone and the internal network zone.
Why? Using a firewall on every Internet connection coming into (and out of) the network
and between any DMZ and the internal network allows the organization to monitor and
control access and minimizes the chances of a malicious individual obtaining access to
the internal network via an unprotected connection
1.1.5 Description of groups, roles and responsibilities for management of network
components
Why? This description of roles and assignment of responsibilities ensures that
personnel are aware of who is responsible for the security of all network components,
and that those to manage components are aware of their responsibilities.
1.1.6 Documentation of business justification and approval for use of all services,
protocols and ports allowed including documentation of security features
implemented for those protocols considered to be insecure
