Regulatory Compliance, Governance and Security

Nov 23 2008   7:03PM GMT

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1



Requirement 1.1 of the Payment Card Industry (PCI) Data Security Standards (DSS) requires organizations to “Establish firewall and router configuration standards”. This requirement falls under the functional area of the overall Requirement 1.0, which states that organizations must “Install and maintain a firewall configuration to protect cardholder data”. So, what does Requirement 1.1 specifically mean, and what do merchants, service providers and other supporting organizations need to be aware of? In short, PCI DSS requirements for 1.1 call for organizations to “Obtain and inspect the firewall and router configuration standards and other documentation specified below to verify that standards are complete”. In essence, it's a rather straightforward testing approach: it requires that configuration standards are commensurate and in line with the business needs of the organization, ensuring that unwanted or malicious traffic is kept out and that only the designated traffic is allowed through. A PCI QSA can verify this requirement by consulting and inspecting the current firewall settings and configurations. Take note: all unnecessary ports and configurations should be closed if they are not suitable or conducive to the cardholder environment. To learn more about PCI DSS, visit
