💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.
- Contextual name: 💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.
- ID: /frameworks/pci-dss-v4.0/01/04/02
- Located in: 💼 1.4 Network connections between trusted and untrusted networks are controlled.
Description
To the following:
- Communications with system components that are authorized to provide publicly accessible services, protocols, and ports.
- Stateful responses to communications initiated by system components in a trusted network.
- All other traffic is denied.
Similar
- Sections
  - /frameworks/pci-dss-v3.2.1/01/03/01
  - /frameworks/pci-dss-v3.2.1/01/03/02
  - /frameworks/pci-dss-v3.2.1/01/03/05
  - /frameworks/pci-dss-v4.0.1/01/04/02
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v3.2.1 → 💼 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports. | 7 | 8 | ||
💼 PCI DSS v3.2.1 → 💼 1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ. | 8 | |||
💼 PCI DSS v3.2.1 → 💼 1.3.5 Permit only “established” connections into the network. | 8 | |||
💼 PCI DSS v4.0.1 → 💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted. | 8 |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 PCI DSS v3.2.1 → 💼 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports. | 7 | 8 | ||
💼 PCI DSS v3.2.1 → 💼 1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ. | 8 | |||
💼 PCI DSS v3.2.1 → 💼 1.3.5 Permit only “established” connections into the network. | 8 | |||
💼 PCI DSS v4.0.1 → 💼 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted. | 8 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Policies (8)
Policy | Logic Count | Flags |
---|---|---|
AWS RDS Instance is publicly accessible and in an unrestricted public subnet 🟢 | 1 | 🟢 x6 |
AWS RDS Snapshot is publicly accessible 🟢 | 1 | 🟢 x6 |
AWS S3 Bucket is not configured to block public access 🟢 | 1 | 🟢 x6 |
Azure Cosmos DB Account Virtual Network Filter is not enabled 🟢 | 1 | 🟢 x6 |
Azure Network Security Group allows unrestricted RDP access from the Internet 🟢 | 1 | 🟢 x6 |
Azure Network Security Group allows unrestricted SSH access from the Internet 🟢 | 1 | 🟢 x6 |
Azure Network Security Group allows unrestricted UDP access from the Internet 🟢 | 1 | 🟢 x6 |
Azure Storage Account Allow Blob Anonymous Access is set enabled 🟢 | 1 | 🟢 x6 |