PCI-DSS Compliance for an HP-UX Host
Figure 1: Example topology of a PCI-DSS environment
Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Sub Req# | Requirement | Products
1.1 | Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data (including wireless); that use various technical settings for each implementation; and stipulate a review of configuration rule sets at least every six months. | Not in the purview of this document
1.2 | Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment. | HP-UX IPFilter
1.3 | Prohibit direct public access between the Internet and any system component in the cardholder data environment. | HP-UX IPFilter
1.4 | Install personal firewall software either on any mobile or employee-owned computers or both with direct connectivity to the Internet that are used to access the organization’s network. | Not in the purview of this document

1.1 Establish firewall and router configuration standards
The firewall and router configuration standards include the following:
- A formal process for approving and testing all network connections and changes to the firewall and router configurations.
- Current network diagram with all connections to cardholder data, including any wireless networks.
- Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone.
- Description of groups, roles, and responsibilities for logical management of network components.
- Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure. Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.
- Requirement to review firewall and router rule sets at least every six months.
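
One way to check the documentation item above against an HP-UX IPFilter rule set, as an added example that is not part of the original document: it flags every pass rule that admits one of the insecure services named in 1.1 and reports whether a justification is recorded. The "# JUSTIFICATION:" comment convention, the change ID, and the sample rule set are assumptions constructed for illustration.

```python
import re

# Services that requirement 1.1 gives as examples of insecure protocols,
# keyed by well-known port and by the name commonly found in /etc/services.
INSECURE = {"21": "FTP", "ftp": "FTP", "23": "Telnet", "telnet": "Telnet",
            "110": "POP3", "pop3": "POP3", "143": "IMAP", "imap": "IMAP",
            "161": "SNMP", "snmp": "SNMP"}

# Assumed local convention (not an IPFilter feature): the nearest non-blank
# line above a rule carries its business justification.
JUSTIFIED = re.compile(r"^#\s*JUSTIFICATION:\s*\S+")
# Only exact-match port tests are evaluated; ranges and other comparison
# operators are outside this example and need manual review.
DST_PORT = re.compile(r"\bport\s*(?:=|eq)\s*(\S+)")

def audit(ruleset):
    """Return (line_no, service, status) for each pass rule that admits an
    insecure service; status is 'documented' or 'UNDOCUMENTED'."""
    findings, prev = [], ""
    for no, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.strip()
        if line.startswith("pass ") and " to " in line:
            # The destination side (after "to") names the service offered.
            m = DST_PORT.search(line.split(" to ", 1)[1])
            if m and m.group(1).lower() in INSECURE:
                status = "documented" if JUSTIFIED.match(prev) else "UNDOCUMENTED"
                findings.append((no, INSECURE[m.group(1).lower()], status))
        if line:
            prev = line
    return findings

# Constructed sample rule set in ipf.conf syntax (interface name assumed).
SAMPLE = """\
# Constructed sample ipf.conf for illustration
block in all
# JUSTIFICATION: CHG-0000 legacy batch transfer, documented compensating controls
pass in quick on lan0 proto tcp from 10.0.0.0/8 to any port = 21 keep state
pass in quick on lan0 proto tcp from any to any port = telnet keep state
pass in quick on lan0 proto tcp from any to any port = 22 keep state
pass in quick on lan0 proto udp from any port = 161 to any keep state
"""

if __name__ == "__main__":
    for line_no, service, status in audit(SAMPLE):
        print(f"line {line_no}: {service} allowed, justification {status}")
```

The last sample rule is not reported because 161 appears there as a source port, not as a service offered by the host.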