Summary Of Pci Dss Requirements; Build And Maintain A Secure Network; Requirement 1: Install And Maintain A Firewall Configuration To Protect Cardholder Data - VeriFone Vx520 Implementation Manual

2. Summary of PCI DSS requirements

This summary provides a basic overview of the PCI DSS requirements and how they apply to your
business when using the VeriFone Vx terminal with Point VxPC.
In this chapter Point Vx refers to Verifone Vx terminals using the Point VxPC SW.

2.1. Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

a. What the requirement says
"Firewalls are devices that control computer traffic allowed between an entity's networks (internal)
and untrusted networks (external), as well as traffic into and out of more sensitive areas within an
entity's internal trusted networks. The cardholder data environment is an example of a more sensi-
tive area within an entity's trusted network. A firewall examines all network traffic and blocks those
transmissions that do not meet the specified security criteria. All systems must be protected from
unauthorized access from untrusted networks, whether entering the system via the Internet as e-
commerce, employee Internet access through desktop browsers, employee e-mail access, dedicated
connections such as business-to-business connections, via wireless networks, or via other sources.
Often, seemingly insignificant paths to and from untrusted networks can provide unprotected path-
ways into key systems. Firewalls are a key protection mechanism for any computer network. Other
system components may provide firewall functionality, provided they meet the minimum require-
ments for firewalls as provided in Requirement 1. Where other system components are used within
the cardholder data environment to provide firewall functionality, these devices must be included
within the scope and assessment of Requirement 1.", reference 2.
Enable only necessary services, protocols, daemons, etc., as required for the function of the system.
© 2015 VeriFone. All rights reserved. VeriFone, the VeriFone logo, Vx, Mx, VeriCentre, VeriShield, Verix V, Verix and PAYware are either
trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the
properties of their respective holders. All features and specifications are subject to change without notice.
The information contained in this document is confidential and property of VeriFone, Inc. This material may not be copied or published, or
divulged in part or in totality without written permission form VeriFone, Inc.
Author
Jevgenijs Smirnovs
E-mail
jevgenijs.smirnovs@verifone.com
Phone
+371 67844726
Document name Verifone Payment Core
Point VxPC F02.01.xxx
Implementation Guide
Date
12-Jun-2015
Page number Version
9 1.0