[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Requirements for IPv6 Firewalls
On 4/18/14, 7:04 PM, Jeff Kell wrote:
> PCI requirement 1.3.8 pretty much requires RFC1918
> addressing of the computers in scope...
It does not
1.3.8
Do not disclose private IP addresses and routing
information to unauthorized parties.
Note
: Methods to obscure IP addressing may include, but are
not limited to:
� Network Address Translation (NAT)
� Placing servers containing cardholder data behind proxy
servers/firewalls or content caches,
� Removal or filtering of route advertisements for private
networks that employ registered addressing,
� Internal use of RFC1918 address space instead of
registered addresses.
from version two with further explication
https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf
version 3
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
> has anyone hinted at PCI for IPv6?
If by hinted at you mean deployed in pci compliant environments then yes.
> Jeff
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140419/d17bba2b/attachment.bin>