PCI (Payment Card Industry Security Standard)
Install and maintain a firewall configuration to protect cardholder data
1.4 Install personal firewall software or equivalent functionality on any portable computing devices (including company and/or employee-owned) that connect to the internet when outside the network (for example laptops used by employees) and which are also used to access the CDE. Firewall (or equivalent) configurations include:
- Specific configuration settings are defined.
- Personal firewall (or equivalent functionality) is actively running.
- Personal firewall (or equivalent functionality) is not alterable by users of the portable computing devices.
Portable computing devices that are allowed to connect to the Internet from outside the corporate firewall are more vulnerable to Internet-based threats. Use of firewall functionality (e.g. personal firewall software or hardware) helps to protect devices from Internet-based attacks which could use the device to gain access to the organization’s systems and data once the device is re-connected to the network. The specific firewall configuration settings are determined by the organization.
Note: This requirement applies to employee-owned and company-owned portable computing devices. Systems that cannot be managed by corporate policy introduce weaknesses and provide opportunities that malicious individuals may exploit. Allowing untrusted systems to connect to an organization’s CDE could result in access being granted to attackers and other malicious users.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8