PCI DSS Req. 1 | Critical severity | PCI-DSS | International

PCI-DSS Requirement 1 — Install and Maintain Network Security Controls

Enforced by: PCI SSC
Current as of March 31, 2022

Plain Language Summary
Firewalls and network segmentation isolate the cardholder data environment (CDE). All traffic into and out of the CDE must be justified and documented. Network security control (NSC) rules are reviewed every 6 months.

Network security controls (NSCs) are a foundational component of network security. All NSCs must restrict inbound and outbound traffic to only that which is necessary. NSCs between the cardholder data environment (CDE) and all other networks must be implemented and documented. Public requirement objectives include: processes for installing and maintaining network security controls are defined; NSCs are configured and maintained; and access to system components in the CDE is restricted.