PCI DSS Network Diagram Example
According to Requirement 1.1.2 of the Payment Card Industry Data Security Standard (PCI DSS), your company must have a current network diagram.
Note that when technologies are used to manage access between systems and networks for purposes of meeting PCI DSS requirements, this is not considered segmentation that reduces PCI DSS scope. Sample network diagrams: these are sample diagrams to help you get started on building a diagram of your own credit card processing environment. Your company's network diagrams are a critical component of your PCI compliance program and should not be overlooked or underdeveloped. To maintain compliance with the PCI DSS 3.0 requirements, enterprises may need to update their network diagrams.
Current diagram that shows all cardholder data flows. It's not uncommon for organizations to underestimate the importance of developing good network diagrams. Network documentation overview: network documentation is extremely valuable to a PCI DSS assessor, so valuable, in fact, that it is one of the first requirements listed in the Payment Card Industry Data Security Standard (PCI DSS). The network documentation should include an up-to-date network diagram which shows all the network connections to the cardholder data.
PCI DSS Requirement Guidance 1.1.2: Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks. Network diagrams describe how networks are configured and identify the location of all network devices. These illustrations are examples only and are not all-inclusive of components that may be in your cardholder data environment. Firewall is being used to implement a PCI DSS requirement for in-scope systems and network and is also used to segment an out-of-scope network.
Requirement 1.1.2 in the PCI DSS requires the assessor to validate that a current network diagram with all connections. While PCI really only cares about payment cards, DFDs can and should also be used wherever you are. I'd suggest using a proper diagramming tool such as Microsoft Visio that can draw all network devices within the PCI DSS scope, especially those that store or transmit cardholder data. Expert Mike Chapple outlines how best to make these changes.
The purpose of having network and data flow diagrams is so that your organization can fully understand where sensitive assets such as cardholder data exist throughout your network. The importance behind PCI Requirements 1.1.2 and 1.1.3. Data flow diagrams (DFDs) are a powerful tool in many situations. If you were to ask network architects and engineers about their favorite part of the job, I doubt any of them will respond with creating and maintaining network diagrams. It's not the most glamorous task, yet Requirements 1.1.2 and 1.1.3 of the Payment Card Industry Data Security Standard (PCI DSS), along with general good security hygiene, render it a necessary one.
Whether in the role of PCI QSA or security architect, where you are trying to work out the appropriate level of security requirements.