Skip to main content
PCI Compliance Policies

2. Firewall and Router Configurations Policy

Last modified:

Overview

In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, UIT PCI Compliance Services has established a formal policy and supporting procedures for having a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone. This policy is to be implemented immediately. It will be evaluated on an annual basis for ensuring its adequacy and relevancy regarding UIT-PCI Compliance Services’ needs and goals.

Policy

UIT-PCI Compliance Services will ensure that firewall and router rules sets reviews adhere to the following conditions for purposes of complying with the Payment Card Industry Data Security Standards (PCI DSS) initiatives (PCI DSS Requirements and Security Assessment Procedures):

  • Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.
  • Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.
  • Appropriately configure, examine, and confirm all firewalls and router settings for all inbound and outbound traffic necessary for the cardholder data environment.
  • Appropriately configure, examine and confirm all firewalls and router settings for ensuring that all inbound and outbound traffic is limited to that which is necessary for the cardholder data environment.
  • Appropriately configure, examine and confirm all firewalls and router settings for ensuring that all other inbound and outbound traffic is specifically denied by using various configuration settings (i.e., deny all).
  • Secure and synchronize router configuration files.
  • Appropriately configure, examine, and confirm that router configuration files are secured from unauthorized access.
  • Appropriately configure, examine, and confirm that router configurations are synchronized, for example, the running (or active) configuration matches the start-up configuration.
  • Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.
  • Appropriately configure, examine and confirm examine firewall and router configurations for ensuring that there are perimeter firewalls installed between all wireless networks and the cardholder data environment.
  • Appropriately configure, examine and confirm that firewalls deny or, if traffic is necessary for business purposes, permit only authorized traffic between the wireless environment and the cardholder data environment.

Responsibility for Policy Maintenance

UIT’s PCI Compliance service is responsible for ensuring that the aforementioned policy is kept current as needed for purposes of compliance with the Payment Card Industry Data Security Standards (PCI DSS) initiatives.