|
About the Build and Maintain a Secure Network and Systems category
|
|
0
|
9
|
February 9, 2023
|
|
2.6 Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers
|
|
0
|
7
|
February 9, 2023
|
|
2.5 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties
|
|
0
|
6
|
February 9, 2023
|
|
2.4 Maintain an inventory of system components that are in scope for PCI DSS
|
|
0
|
10
|
February 9, 2023
|
|
2.3 Encrypt all non-console administrative access using strong cryptography
|
|
0
|
9
|
February 9, 2023
|
|
2.2.4 Configure system security parameters to prevent misuse
|
|
0
|
11
|
February 9, 2023
|
|
2.2.3 Implement additional security features for any required services, protocols, or daemons that are considered to be insecure
|
|
0
|
7
|
February 9, 2023
|
|
2.2.2 Enable only necessary services, protocols, daemons, etc., as required for the function of the system
|
|
0
|
8
|
February 9, 2023
|
|
2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)
|
|
0
|
8
|
February 9, 2023
|
|
2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards
|
|
0
|
9
|
February 9, 2023
|
|
2.1.1 For wireless environments connected to the cardholder data environment or transmitting cardholder data, change ALL wireless vendor defaults at installation
|
|
0
|
9
|
February 9, 2023
|
|
2.1 Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network
|
|
0
|
6
|
February 9, 2023
|
|
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
|
|
0
|
5
|
February 9, 2023
|
|
1.5 Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties
|
|
0
|
5
|
February 9, 2023
|
|
1.4 Install personal firewall software or equivalent functionality on any portable computing devices
|
|
0
|
8
|
February 9, 2023
|
|
1.3.7 Do not disclose private IP addresses and routing information to unauthorized parties
|
|
0
|
8
|
February 9, 2023
|
|
1.3.6 Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks
|
|
0
|
8
|
February 9, 2023
|
|
1.3.5 Permit only “established” connections into the network
|
|
0
|
12
|
February 9, 2023
|
|
1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet
|
|
0
|
16
|
February 9, 2023
|
|
1.3.3 Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network. (For example, block traffic originating from the Internet with an internal source address.)
|
|
0
|
12
|
February 9, 2023
|
|
1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ
|
|
0
|
7
|
February 9, 2023
|
|
1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports
|
|
0
|
7
|
February 9, 2023
|
|
1.3 Prohibit direct public access between the Internet and any system component in the cardholder data environment
|
|
0
|
8
|
February 9, 2023
|
|
1.2.3 Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic
|
|
0
|
10
|
February 9, 2023
|
|
1.2.2 Secure and synchronize router configuration files
|
|
0
|
9
|
February 9, 2023
|
|
1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic
|
|
0
|
9
|
February 9, 2023
|
|
1.2 Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment
|
|
0
|
10
|
February 9, 2023
|
|
1.1.7 Requirement to review firewall and router rule sets at least every six months
|
|
0
|
10
|
February 9, 2023
|
|
1.1.6 Documentation of business justification and approval for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure
|
|
0
|
10
|
February 9, 2023
|
|
1.1.5 Description of groups, roles, and responsibilities for management of network components
|
|
0
|
9
|
February 9, 2023
|