PCIDSS.COM - PCI DSS Security Solutions Directory

Category: PCI DSS Requirement 1

Install and Maintain Network Security Controls

Network policy or rule enforcement points are known as Network Security Controls (NSCs). Examples of these are firewalls (software or hardware) and other network security technologies that control network traffic between two or more logical or physical network segments.

All network traffic entering and leaving a segment is analyzed by NSCs, which decide, in accordance with the established policies or rules, whether the network traffic should be allowed to pass or be rejected. NSCs are typically placed between environments with differing levels of trust or security for the underlying assets within the respective environments. Newer NSCs often make policy decisions based on data at higher layers, although generally policy enforcement typically takes place at layer 3 of the OSI model.

Historically, physical firewalls have performed this function. In recent times, however, cloudy environments are common with virtual devices, cloud access controls, virtualization/container systems, and other software-defined networking technologies often now provide this functionality.

NSCs are used to protect an organization’s resources from being exposed to untrusted networks and to control traffic within the organization’s own networks, such as between areas of high sensitivity and less sensitivity. Within a PCI environment, an organization’s network containing cardholder data or the Cardholder Data Environment (CDE) is an example of a more sensitive area. Unsecured entry points into sensitive systems can frequently be found on seemingly insignificant routes to and from untrusted networks. NSCs are an essential security component and safeguard for any computer network.

The Internet, dedicated connections like business-to-business communication channels, wireless networks, carrier networks like cellular, third-party networks, and other sources that the entity undergoing PCI DSS compliance cannot control, are all examples of untrusted networks. In addition, corporate networks that are not subject to PCI DSS assessment are included in the category of untrusted networks and must be treated as such because the existence of security controls has not been confirmed. From an infrastructure perspective, an organization may consider an internal network to be trustworthy; however, a network that is not covered by PCI DSS must be regarded as untrustworthy.

PCI Solution Provider

PeachFuzz

Peachfuzz web design is a company that can help you create a site that is perfect for your needs. We…

Read More

Rating
0 / 5
Views
441
PCI Solution Provider

Sophos NAC

Sophos NAC Advanced can be critical part of your security measures ? ensuring that employee and guest computers are compliant…

Read More

PCI Solution Provider

Checkpoint

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation…

Read More

PCI Solution Provider

Cisco

Cisco Compliance Solutions help customers plan, build, and manage compliance activities more effectively and efficiently. The solutions offer compliance resources…

Read More

Location
Global PCI DSS Solutions
Rating
0 / 5
Views
3737
PCI Solution Provider

Rackspace

Rackspace provide managed firewall services that assist in PCI DSS compliance

Read More

Location
Global PCI DSS Solutions
Rating
0 / 5
Views
2970