pci dss saq.pdf


Preview of PDF document pci-dss-saq.pdf

Page 1 23440

Text preview


1.1.3(b)

Is there a process to ensure the diagram is kept current?
Compensating Control

1.1.4(a)

No

N/A

Yes

No

N/A

Yes

No

N/A

Are all insecure services, protocols, and ports identified, and are security features
documented and implemented for each identified service?
Compensating Control

1.1.7(a)

Yes

Do firewall and router configuration standards include a documented list of services,
protocols, and ports, including business justification and approval for each?
Compensating Control

1.1.6(b)

N/A

Is the current network diagram consistent with the firewall configuration standards?
Compensating Control

1.1.6(a)

No

Is a firewall required and implemented at each Internet connection and between any
demilitarized zone (DMZ) and the internal network zone?
Compensating Control

1.1.4(b)

Yes

Yes

No

N/A

Do firewall and router configuration standards require review of firewall and router
rule sets at least every six months?
Compensating Control

Yes

No

N/A