1.2.3 Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment.
1.2.3 Verify that there are perimeter firewalls installed between any wireless networks and systems that store cardholder data, and that these firewalls deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment.
Hi, I am new to the forum so please excuse any mistakes in posting.
We are working through the PCI DSS requirements and I have got to a sticking point regarding what is defined as a ‘Wireless device’
We currently have two building connected together via a line-of-sight 1GB Laser Link; my question is simply does this count as a wireless device and if so do I need firewalls at either end…?
Thanks,
We have placed some of our servers and network equipment in a collocation facility but no wireless infrastructure in place. The data center facility is in scope of PCI as it is in path of the CHD data out to internet.
However, the QSA is requiring us to have a regular scan of rogue wireless network and have a report. And ensure all rogue wireless networks are being denied to enter PCI zone.
Is this really necessary even if our cabinets in the collocation facility doesn’t have wireless infrastructure on it?