• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/11

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

11 Cards in this Set

  • Front
  • Back
1.1
Establish and implement firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections between the cardholder data environment and other networks (including wireless) with documentation and diagrams; that document business justification and various technical settings for each implementation; that diagram all cardholder data flows across systems and networks; and stipulate a review of configuration rule sets at least every six months.
1.2
Build firewall and router configurations that restrict all traffic, inbound and outbound, from "untrusted” networks (including wireless) and hosts, and specifically deny all other traffic except for protocols necessary for the cardholder data environment.
1.3
Prohibit direct public access between the Internet and any system component in the cardholder data environment.
1.4
Install personal firewall software on any mobile and/or employee-owned devices that connect to the Internet when outside the network, and which are also used to access the network.
1.5
Ensure that related security policies and operational procedures are documented, in use, and known to all affected parties.
2.1
Always change ALL vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network. This includes wireless devices that are connected to the cardholder data environment or are used to transmit cardholder data.
2.2
Develop configuration standards for all system components that address all known security vulnerabilities and are consistent with industry-accepted definitions. Update system configuration standards as new vulnerability issues are identified.
2.3
Using strong cryptography, encrypt all non-console administrative access such as browser/webbasedmanagement tools.
2.4
Maintain an inventory of system components that are in scope for PCI DSS.
2.5
Ensure that related security policies and operational procedures are documented, in use, and known to all affected parties.
2.6

Shared hosting providers must protect each entity’s hosted environment and cardholder data (details are in PCI DSS Appendix A: “Additional PCI DSS Requirements for Shared Hosting Providers.”)