NDB Advisory Restrict Inbound and Outbound Traffic | PCI DSS Requirement 1.2.1

Regarding PCI DSS Requirement 1.2.1, it is once again important to note the value of your organization's network diagram and topology documents in helping to demonstrate compliance with this requirement. The goal of PCI DSS Requirement 1.2.1, including both testing procedures 1.2.1.a and 1.2.1.b, is essentially to limit traffic to only the services needed by the cardholder data environment. Thus, a deny-all baseline should be in place (many firewalls ship with one by default), with only the "must have" and "essential" services, ports, and protocols then explicitly allowed, such as HTTP, HTTPS, SSL, TLS, SSH, VPN IPsec traffic, etc. Any service, protocol, or port that the PCI DSS 1.2 standards deem insecure should be allowed only where there is a very strong and compelling business reason for it.

A detailed network topology, the firewall rule sets, and a documented list of the services, protocols, and ports currently in use should generally suffice as evidence for PCI DSS Requirement 1.2.1, but again, you will need to be able to interpret and understand the rule sets and configuration documents yourself.
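The two paragraphs above describe a review an assessor performs by hand: confirm each direction ends in a deny-all rule, and confirm every allowed service is on the documented list and, if it is one of the services treated as insecure, that it carries a compelling business reason. The script below is an added example (not NDB Advisory's code or any vendor's syntax) that automates that check over a simplified, constructed rule format; the port-to-service tables and the sample rule set are assumptions chosen to illustrate the findings, not a definitive PCI DSS list.

```python
"""Audit a simplified firewall rule set against the PCI DSS 1.2.1 expectations
described above: a deny-all baseline per direction, and every allowed service
documented and justified. Added example; the rule format is constructed."""

from dataclasses import dataclass
from typing import List, Optional

# Services the page names as typically essential for the cardholder data
# environment (assumption: port-to-name mapping is illustrative).
ESSENTIAL_PORTS = {80: "HTTP", 443: "HTTPS", 22: "SSH",
                   500: "IPsec IKE", 4500: "IPsec NAT-T"}

# Services commonly treated as insecure; allowing them needs a documented,
# compelling business reason (assumption: illustrative list).
INSECURE_PORTS = {21: "FTP", 23: "Telnet", 139: "NetBIOS", 445: "SMB"}


@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "inbound" or "outbound"
    proto: str                   # "tcp", "udp" or "any"
    port: Optional[int]          # None means any port
    justification: str = ""      # business reason from the documented service list


def is_deny_all(rule: Rule) -> bool:
    """A deny-all rule denies any protocol on any port."""
    return rule.action == "deny" and rule.proto == "any" and rule.port is None


def audit_rules(rules: List[Rule]) -> List[str]:
    """Return assessor findings; an empty list means the rule set passes."""
    findings = []
    for direction in ("inbound", "outbound"):
        chain = [r for r in rules if r.direction == direction]

        # 1.2.1: the baseline must be deny-all, i.e. the last rule in the chain.
        if not chain or not is_deny_all(chain[-1]):
            findings.append(f"FAIL {direction}: no deny-all rule at the end of the chain")

        for r in chain:
            if r.action != "allow":
                continue
            label = f"{r.port}/{r.proto}"
            if r.port is None:
                findings.append(f"FAIL {direction}: allow-any rule defeats the deny-all baseline")
            elif r.port in INSECURE_PORTS:
                name = INSECURE_PORTS[r.port]
                if r.justification:
                    findings.append(f"REVIEW {direction}: {name} ({label}) allowed; "
                                    f"confirm the business reason '{r.justification}'")
                else:
                    findings.append(f"FAIL {direction}: {name} ({label}) allowed with "
                                    "no documented business justification")
            elif not r.justification:
                # Essential or not, an allow must appear on the documented list.
                findings.append(f"FAIL {direction}: {label} allowed but not on the "
                                "documented service list")
    return findings


def sample_rules() -> List[Rule]:
    """Constructed rule set with deliberate gaps so the audit has findings."""
    return [
        Rule("allow", "inbound", "tcp", 443, "customer checkout over TLS"),
        Rule("allow", "inbound", "tcp", 22, "administrative access from jump host"),
        Rule("allow", "inbound", "tcp", 23),                  # Telnet, undocumented
        Rule("deny", "inbound", "any", None),                 # deny-all baseline
        Rule("allow", "outbound", "tcp", 443, "payment gateway API"),
        Rule("allow", "outbound", "tcp", 8443),               # not on the service list
        # no outbound deny-all rule
    ]


if __name__ == "__main__":
    for finding in audit_rules(sample_rules()):
        print(finding)
```

Running the script on the constructed sample reports the undocumented Telnet allow, the missing outbound deny-all, and the undocumented 8443/tcp allow; a rule set that ends each direction with a deny-all and justifies every allow returns no findings. The REVIEW category exists because a justified insecure service is not automatically a failure under the text above, but it is exactly the rule an assessor will want to see the business reason for.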

To learn more about the Payment Card Industry Data Security Standards and becoming PCI DSS compliant, please contact NDB Advisory.
