1.3.1 Implement a DMZ to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment.
1.3.1 Verify that a DMZ is implemented to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment.
DMZ Requirement
Is a DMZ still required if any and all applications are physically hosted out of a SunGard data center?
Is a DMZ required if using a service provider?
In one word, yes. A DMZ is required to separate the Internet from the cardholder environment regardless of where the cardholder data is stored - in your own infrastructure or at a service provider. The idea is to separate Internet-accessible applications, like a web store front, from the processing and data storage environment.
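An added example, not part of the original thread: a small Python audit of a zone-based firewall ruleset against the separation described above. The zone names (`internet`, `dmz`, `cde`), the `NECESSARY` service list and the sample rules are all constructed assumptions, not values from PCI DSS or from any poster's network.

```python
from dataclasses import dataclass

# Assumption: the only services this hypothetical environment needs,
# keyed by (source zone, destination zone).
NECESSARY = {
    ("internet", "dmz"): {("tcp", 443)},   # public storefront
    ("dmz", "cde"): {("tcp", 5432)},       # storefront to database
    ("dmz", "internet"): {("tcp", 443)},   # outbound to payment gateway
}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "any"
    port: int    # 0 means any port
    action: str  # "allow" or "deny"

def audit(rules):
    """Check each allow rule on its own (rule ordering is not modelled)
    and return (rule name, finding) pairs for rules that break the DMZ model."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        pair = (r.src, r.dst)
        if pair in {("internet", "cde"), ("cde", "internet")}:
            findings.append((r.name, "direct Internet/CDE path bypasses the DMZ"))
        elif r.proto == "any" or r.port == 0:
            findings.append((r.name, "wildcard protocol or port"))
        elif (r.proto, r.port) not in NECESSARY.get(pair, set()):
            findings.append((r.name, "service not on the necessary list"))
    return findings

# Constructed sample ruleset for illustration only.
SAMPLE_RULES = [
    Rule("web-in", "internet", "dmz", "tcp", 443, "allow"),
    Rule("app-db", "dmz", "cde", "tcp", 5432, "allow"),
    Rule("legacy-db", "internet", "cde", "tcp", 5432, "allow"),
    Rule("dmz-out", "dmz", "internet", "any", 0, "allow"),
    Rule("telnet-in", "internet", "dmz", "tcp", 23, "allow"),
    Rule("default", "any", "any", "any", 0, "deny"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```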
I am new to PCI DSS and this forum so please bear with me…
"1.3.1 Implement a DMZ to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment."
My network:
Internet----|Perimeter Router|---My Public Subnet--|Firewall|--My Private subnet…
My Firewall has three Interfaces: 1) One connected to “My Public Subnet” 2) Second connected to “My Private subnet” 3) and third connected to a network we call DMZ.
In this case my Perimeter Router has ACL. Will “My Public Subnet” be treated as a DMZ?