1. Home
2. Listings
3. PCI DSS Requirement 1

Category: PCI DSS Requirement 1

Install and maintain a firewall configuration to protect cardholder data.
PCI DSS Requirement 1 relates to a firewall, which is defined as a networking device (software or hardware) that manages traffic allowed between a trusted and untrusted network. Typically (and this is mandated) a firewall is deployed between the perimeter of an organization’s environment and the Internet, which is considered an untrusted network and all of the discrete internal organizational networks. These internal discrete networks are typically of differing security levels i.e. DMZ untrusted, DMZ trusted, internal corporate network, secure zone etc. In the context of PCI DSS, firewalls segregate and control traffic between environments storing sensitive cardholder data and environments that do not. Typically the DMZs and trusted zone encompass the Cardholder Data Environment (CDE). A firewall manages all traffic between these discrete networks, in all directions and in granular detail, making a decision based on a defined policy, whether the traffic will be allowed or denied.