Learning Guide

PCI DSS Requirement 1: Install and maintain a firewall configuration

At first glance, security professionals look at this requirement, simply install a firewall on their network perimeter and then think that all is well. Not quite. Many people fail to realize that PCI DSS Requirement 1 states that organizations must not only have a working firewall that is configured and documented correctly for ingress and egress filtering rules, but also utilize trusted zones (such as DMZs) and the use of perimeter firewalls installed between wireless networks and the cardholder data environment. These are just a few of the many specific details within the first PCI DSS requirement that tend to get ignored.

    Requires Free Membership to View

How to pass PCI Requirement 1
Organizations need to thoroughly review firewall configurations and the policies that control the traffic flowing into and out of a network. Many firewalls go untouched for quite some time after their initial network installation. Because business application needs and customer requirements change over time, many rules are adjusted to allow for additional ports and services to be initiated, allowing open communication between trusted and untrusted segments.

All changes on these devices must be approved, accurately documented and reviewed on an ongoing basis to make sure that they are hardened and only allow secure information to flow between network segments. Documented configuration standards for these protections are mandatory along with specific documentation that justifies your network practices.

Finally, do not forget that configurations must provide security for assets that store, transmit or process cardholder data, which includes the appropriate network segmentation of information from wireless and mobile devices.


  Requirement 3: Protecting stored data
  Requirement 11: Regularly test security systems and processes
  Requirement 8: Assign a unique ID to users
  Requirement 10: Monitor access to network resources and data
  Requirement 1: Install and maintain a firewall configuration

Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via canvip@yahoo.com.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: