PCI DSS Requirement 1 focuses on installing and maintaining network security controls to protect the cardholder data environment (CDE). Which of the following actions directly satisfies this specific requirement?
Apply vendor security patches to all systems within 30 days of release
Deploy firewalls to segment the CDE from untrusted networks
Establish and test a daily backup schedule for payment servers
Implement multi-factor authentication for remote administrative access
Deploying properly configured firewalls (or equivalent network security controls) to restrict and monitor traffic into and out of the CDE is the precise control called for in PCI DSS Requirement 1. The other options reference controls found in different PCI DSS requirements: multi-factor authentication is covered under Requirement 8, timely patch management under Requirement 6, and backup procedures under Requirements 9 and 12. Although all are important for overall compliance, only the firewall control fulfills Requirement 1.