Re: Requirements for IPv6 Firewalls

joel jaeggli Sat, 19 Apr 2014 07:30:22 -0700

On 4/18/14, 7:04 PM, Jeff Kell wrote:
> PCI requirement 1.3.8 pretty  much requires RFC1918
> addressing of the computers in scope...


It does not

1.3.8
 Do not disclose private IP addresses and routing
information to unauthorized parties.
Note
: Methods to obscure IP addressing may include, but are
not limited to:
 Network Address Translation (NAT)
 Placing servers containing cardholder data behind proxy
servers/firewalls or content caches,
 Removal or filtering of route advertisements for private
networks that employ registered addressing,
 Internal use of RFC1918 address space instead of
registered addresses.

from version two with further explication

https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf

version 3

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

>  has anyone hinted at PCI for IPv6?

If by hinted at you mean deployed in pci compliant environments then yes.

> Jeff
> 
>

signature.asc
Description: OpenPGP digital signature

Re: Requirements for IPv6 Firewalls

Reply via email to