Online PCI DSS Compliance Self Assessment

The questionnaire is divided into seven sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard.

Part one: Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect data

Question Yes No N/A
Are all routers, switches, wireless access points, and firewall configurations secured and do they conform to documented security standards?
If wireless technology is used, is access to the network limited to authorized devices?
Do changes to the firewall need authorization and are the changes logged?  
Is a firewall used to protect the network and limit traffic to that which is required to conduct business?  
Are egress and ingress filters installed on all border routers to prevent impersonation with spoofed IP addresses?  
Is payment card account information stored in a database located on the internal network (not the DMZ) and protected by a firewall?  
If wireless technology is used, do perimeter firewalls exist between wireless networks and the payment card environment?
Does each mobile computer with direct connectivity to the Internet have a personal firewall and anti-virus software installed?
Are Web servers located on a publicly reachable network segment separated from the internal network by a firewall (DMZ)?  
Is the firewall configured to translate (hide) internal IP addresses, using network address translation (NAT)?  
 
Copyright Evolution Systems Limited and trademark holders.