The Payment Card Industry Data Security Standard (PCI DSS) specifies requirements to make sure that your firewall provides a secure solution for your network and all payment card data that is transmitted through your network. The PCI DSS security requirements apply to all the components of your network that connect to the cardholder data environment.
Your firewall is an essential requirement to keep your network in compliance with a PCI environment. The first requirement in the standard outlines why you must have a firewall and keep sensitive areas of your network separate. You can use Fireboxes to meet these requirements.
Firewalls are devices that control computer traffic that is allowed between trusted networks (internal) and an untrusted networks (external) at a company, as well as traffic into and out of more sensitive areas within internal trusted networks at a company. The cardholder data environment is an example of a more sensitive area within trusted networks.
A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria. All systems must be protected from unauthorized access from untrusted networks, whether the access to the system is from the Internet as e-commerce, employee Internet access through desktop browsers, employee email access, dedicated connections such as business-to-business connections, from wireless networks, or from other sources. Often, seemingly insignificant paths to and from untrusted networks can provide unprotected pathways to key systems. Firewalls are a key protection mechanism for any computer network.
WatchGuard also helps you to address these specific PCI requirements:
5.2 Ensure that all anti-virus mechanisms are current, active, and generate audit logs.
6.4 Follow change control processes and procedures for all changes to system components.
10.1 Establish a process to link all access to system components (especially access with administrative privileges such as root) to each individual user.
10.2 Implement automated audit trails for all system components.
10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions, such as intrusion-detection system (IDS).
11.1 Test for the presence of wireless access points and detect unauthorized wireless access points on a quarterly basis.
Note: Methods that may be used in the process include but are not limited to wireless network scans, physical/logical inspections of system components and infrastructure, network access control (NAC), or wireless IDS/IPS.
11.4 Use intrusion-detection systems, and/or intrusion-prevention systems to monitor all traffic at the perimeter of the cardholder data environment as well as at critical points inside of the cardholder data environment, and alert personnel to suspected compromises. Keep all intrusion-detection and prevention engines, baselines, and signatures up-to-date.
WatchGuard reports include several predefined reports that provide information to help you make sure that your network is compliant with PCI requirements. These reports are included in the Compliance Reports group.
| Requirement | Related Report | Report Description |
|---|---|---|
| Requirement 5 | Gateway AntiVirus Summary | Gateway AntiVirus action summary |
| Requirement 6 | Audit Trail |
Detailed list of audited configuration changes for a Firebox |
| Requirement 10.1 Requirement 10.2 |
Denied User Authentication Report |
Detailed list of users denied authentication |
| Requirement 10.6 | Alarm Summary | Summary report of all alarms |
For complete details about the PCI DSS requirements and to find the PCI DCI requirements documentation, go to https://www.pcisecuritystandards.org/security_standards/index.php.
View PCI Compliance Reports in Dimension
You can view PCI compliance reports from WatchGuard Dimension, or schedule the reports to be exported in a PDF file. For more information, go to View Reports and Schedule Dimension Reports.
View PCI Compliance Reports in WatchGuard Cloud
You can view PCI compliance reports from WatchGuard Dimension, or schedule the reports to be exported in a PDF file. For more information, go to PCI Compliance Report and Scheduled Reports.
Generate PCI Compliance Reports from Report Manager
To monitor your network and verify that it is PCI compliant, you can generate the related reports for each requirement.
- From the WSM Report Server, create a report schedule that includes the required Compliance Reports.
For detailed steps, go to Configure Report Generation Settings. - Connect to WatchGuard WebCenter to View Compliance Reports in Report Manager.
With the release of Fireware v12.8, WatchGuard announced the deprecation of the WatchGuard Log Server, Report Server, and Quarantine Server. WSM still includes these server components, but they are no longer supported in v12.9 and higher. We will remove them in a future WSM release.