Skip to main content

πŸ’Ό 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.

Description​

To the following:

  • Communications with system components that are authorized to provide publicly accessible services, protocols, and ports.
  • Stateful responses to communications initiated by system components in a trusted network.
  • All other traffic is denied.

Similar​

  • Sections
    • /frameworks/pci-dss-v4.0/01/04/02

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.719

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.719

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (19)​

PolicyLogic CountFlags
πŸ“ AWS DMS Replication Instance is publicly accessible 🟒1🟒 x6
πŸ“ AWS EBS Snapshot is publicly accessible 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted CIFS traffic 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to MongoDB 🟒1🟒 x6
πŸ“ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS 🟒1🟒 x6
πŸ“ AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟒1🟒 x6
πŸ“ AWS RDS Snapshot is publicly accessible 🟒1🟒 x6
πŸ“ AWS S3 Bucket is not configured to block public access 🟒1🟒 x6
πŸ“ Azure Cosmos DB Account Virtual Network Filter is not enabled 🟒1🟒 x6
πŸ“ Azure Network Security Group allows public access to HTTP(S) ports 🟒1🟒 x6
πŸ“ Azure Network Security Group allows public access to RDP port 🟒1🟒 x6
πŸ“ Azure Network Security Group allows public access to SSH port 🟒1🟒 x6
πŸ“ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟒1🟒 x6
πŸ“ Azure Storage Account Allow Blob Anonymous Access is enabled 🟒1🟒 x6
πŸ“ Google Cloud DNS Managed Zone DNSSEC is not enabled 🟒1🟒 x6
πŸ“ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟒1🟒 x6
πŸ“ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟒1🟒 x6
πŸ“ Google Project has a default network 🟒1🟒 x6
πŸ“ Google Project has a legacy network 🟒1🟒 x6