35 Cards in this Set

  • Front
  • Back

Requirement 1.1

Establish and implement firewall and router configuration standards that include the following:

1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7

Requirement 1.1.1

A formal process for approving and testing all network connections and changes to the firewall and router configurations

Requirement 1.1.2

Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks

Requirement 1.1.3

Current diagram that shows all cardholder data flows across systems and networks

Requirement 1.1.4

Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone

Requirement 1.1.5

Description of groups, roles, and responsibilities for management of network components

Requirement 1.1.6

Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure. Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP v1 and v2

Requirement 1.1.7

Requirement to review firewall and router rule sets at least every six months

Requirement 1.2

Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.

Requirement 1.2.1

Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.

Requirement 1.2.2

Secure and synchronize router configuration files.

Requirement 1.2.3

Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.

Requirement 1.3

Prohibit direct public access between the Internet and any system component in the cardholder data environment.

Requirement 1.3.1

Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.

Requirement 1.3.2

Limit inbound Internet traffic to IP addresses within the DMZ.

Requirement 1.3.3

Do not allow any direct connections inbound or outbound for traffic between the Internet and the cardholder data environment.

Requirement 1.3.4

Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network. (For example, block traffic originating from the Internet with an internal source address.)

Requirement 1.3.5

Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.

Requirement 1.3.6

Implement stateful inspection, also known as dynamic packet filtering. (That is, only “established” connections are allowed into the network.)

Requirement 1.3.7

Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks.

Requirement 1.3.8

Do not disclose private IP addresses and routing information to unauthorized parties.

Requirement 1.4

Install personal firewall software on any mobile and/or employee-owned devices that connect to the Internet when outside the network (for example, laptops used by employees), and which are also used to access the network. Firewall configurations include:

Specific configuration settings are defined for personal firewall software.
Personal firewall software is actively running.
Personal firewall software is not alterable by users of mobile and/or employee-owned devices.

Requirement 1.5

Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties.

Requirement 2.1

Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network. This applies to ALL default passwords, including but not limited to those used by operating systems, software that provides security services, application and system accounts, point-of-sale (POS) terminals, Simple Network Management Protocol (SNMP) community strings, etc.

Requirement 2.1.1

For wireless environments connected to the cardholder data environment or transmitting cardholder data, change ALL wireless vendor defaults at installation, including but not limited to default wireless encryption keys, passwords, and SNMP community strings.

Requirement 2.2

Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. Sources of industry-accepted system hardening standards may include, but are not limited to:

Center for Internet Security (CIS)
International Organization for Standardization (ISO)
SysAdmin Audit Network Security (SANS) Institute
National Institute of Standards Technology (NIST)

Requirement 2.2.1

Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)

Requirement 2.2.2

Enable only necessary services, protocols, daemons, etc., as required for the function of the system.

Requirement 2.2.3

Implement additional security features for any required services, protocols, or daemons that are considered to be insecure—for example, use secured technologies such as SSH, S-FTP, TLS, or IPSec VPN to protect insecure services such as NetBIOS, file-sharing, Telnet, FTP, etc.

Requirement 2.2.4

Configure system security parameters to prevent misuse.

Requirement 2.2.5

Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.

Requirement 2.3

Encrypt all non-console administrative access using strong cryptography. Use technologies such as SSH, VPN, or TLS for web-based management and other non-console administrative access.

Requirement 2.4

Maintain an inventory of system components that are in scope for PCI DSS

Requirement 2.5

Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties.

Requirement 2.6

Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers.