 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>UserGuide>UsingSheriffCSMForPCICompliance>PCIDSS32Requirement1 (29 Apr 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSM™
Previous Next Sheriff CSM™
PCI DSS 3.2 Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data
| Testing Procedure | How Sheriff CSM Delivers | Sheriff CSM Instructions | Sheriff CSM Documentation* |
| 1.1.1.c Identify a sample of actual changes made to firewall and router configurations, compare to the change records, and interview responsible personnel to verify the changes were approved and tested. | Sheriff CSM has built-in reports to assist in identifying changes made to router and firewall configurations for use in validating that changes were approved and tested. | Enable the plugin for your firewall/router devices, and enable forwarding of the syslog events from the firewall/router. | Enable Plugins |
| Run the existing “Firewall Configuration Change” PCI report to show changes made to the firewall. | How to Run Reports | ||
| Additionally, you can enable instant alerting of suspected device configuration changes by creating a directive to Alert on occurrences of the configuration-change events. | Tutorial: Create a New Directive to Detect DoS Attack | ||
| 1.1.6.b Identify insecure services, protocols, and ports allowed; and verify that security features are documented for each service. | Sheriff CSM provides NetFlow collection, which assists in identifying insecure services, protocols and ports that are allowed. | NIDS in Sheriff CSM allows for reporting of suspicious or potentially insecure protocols through events. | Sheriff NIDS |
| Create a directive to Alert on occurrences of such NIDS events, which may detect possible misconfiguration or traffic that is not authorized. | Tutorial: Create a New Directive to Detect DoS Attack | ||
| 1.3.2 Examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ. | Sheriff CSM provides NetFlow collection, which assists in identifying traffic sources and destinations to help ensure that inbound internet traffic is limited to IP addresses within the DMZ. | Configure a directive to Alert on any activity from non-authorized networks to the DMZ, which allows for immediate alerting of suspicious traffic from any data source. | Correlation Directives |
Edit | Attach | Print version | History: r13 < r12 < r11 < r10 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r13 - 29 Apr 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.