PCI-DSS-FORM-00-3 Gap Assessment Tool

Page 1

Please note: This sample shows only a small section of the complete Gap Assessment tool.

PCI DSS Gap Assessment Tool PCI-DSS-FORM-00-3

| PCI DSS REQUIREMENTS AREA/SECTION | SUB-SECTION | PCI DSS REQUIREMENTS | REQS MET? | ACTION NEEDED TO MEET REQ | ACTION OWNER |
|---|---|---|---|---|---|
| 1 Install and maintain a firewall configuration to protect cardholder data | 1.1 Implement Firewall | Have firewall and router configuration standards and other documentation been completed? | Yes | | |
| | 1.1.1 Firewall testing | Is there a formal process for testing and approval of all network connections and firewall and router configurations? | Yes | | |
| | 1.1.2 Network diagram | Is there an up-to-date network diagram? | Yes | | |
| | 1.1.3 Cardholder data flow diagram | Is there an up-to-date cardholder data flow diagram? | Yes | | |
| | 1.1.4 DMZ | Is a valid DMZ in place? | Yes | | |
| | 1.1.5 Network roles and responsibilities | Are groups, roles, and responsibilities for management of network components defined? | Yes | | |
| | 1.1.6 Business justification for services, ports and protocols open | Is business justification for the use of services, ports and protocols documented? | Yes | | |
| | 1.1.7 Firewall and Router review | Is there evidence that the firewall and router rule sets are reviewed at least every 6 months? | Yes | | |
| | 1.2 Protect Cardholder Data Environment | Have firewall and router configuration standards been verified to confirm that all inbound and outbound traffic is necessary for the cardholder data environment? | Yes | | |
| | 1.1.2 Restrict traffic | Do the applicable firewalls and routers limit inbound and outbound traffic to that necessary for the cardholder data environment? | Yes | | |
| | 1.2.2 Router configuration | Are router configurations secured from unauthorized access? | Yes | | |
| | 1.2.3 Firewall between CDE and wireless network | Are perimeter firewalls installed between all wireless networks and the cardholder data environment? | Yes | | |
| | 1.3 Access between internet and CDE | Are firewall and router configurations defined, including but not limited to the choke router at the Internet, the DMZ router and firewall, the DMZ cardholder segment, the perimeter router, and the internal cardholder network segment? | Yes | | |
| | 1.3.1 DMZ | Is the DMZ implemented to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports? | Yes | | |
