Skip to main content

💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.

  • ID: /frameworks/pci-dss-v4.0.1/01/04/02

Description

To the following:

  • Communications with system components that are authorized to provide publicly accessible services, protocols, and ports.
  • Stateful responses to communications initiated by system components in a trusted network.
  • All other traffic is denied.

Similar

  • Sections
    • /frameworks/pci-dss-v4.0/01/04/02

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v4.0 → 💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.720no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 PCI DSS v4.0 → 💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.720no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (20)

PolicyLogic CountFlagsCompliance
🛡️ AWS DMS Replication Instance is publicly accessible🟢1🟢 x6no data
🛡️ AWS EBS Snapshot is publicly accessible🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted CIFS traffic🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to MongoDB🟢1🟢 x6no data
🛡️ AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS🟢1🟢 x6no data
🛡️ AWS RDS Instance is publicly accessible and in an unrestricted public subnet🟢1🟢 x6no data
🛡️ AWS RDS Snapshot is publicly accessible🟢1🟢 x6no data
🛡️ AWS S3 Bucket is not configured to block public access🟢1🟢 x6no data
🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to HTTP(S) ports🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to RDP port🟢1🟢 x6no data
🛡️ Azure Network Security Group allows public access to SSH port🟢1🟢 x6no data
🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP)🟢1🟢 x6no data
🛡️ Azure Storage Account Allow Blob Anonymous Access is enabled🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC is not enabled🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1🟢1🟢 x6no data
🛡️ Google GKE Cluster Control Plane Authorized Networks are disabled🟢1🟢 x6no data
🛡️ Google Project has a default network🟢1🟢 x6no data
🛡️ Google Project has a legacy network🟢1🟢 x6no data