![terraria 1.1 1.2 1.3 terraria 1.1 1.2 1.3](https://i.ytimg.com/vi/RMllu5Jn9Z0/maxresdefault.jpg)
Methods used for controlling traffic in and out of your network.Your network documentation should include things such as: When your assessor is reviewing your network diagram and data flow diagram, they are verifying that your organization knows where your assets are located and how the connections in to and out of those environments exist. What Should Be Included in Network Documentation for PCI Compliance? Ideally, assessors look for some sort of tie into your Change Control Program as part of Requirement 1.1.1. Keeping updated network documentation, such as a network diagram and data flow diagram, can prevent your organization from unknowingly overlooking cardholder data that has been left out of the security controls and is susceptible to unauthorized access.Īs an assessor, we look for evidence of your policies, procedures, and processes surrounding the maintenance of your network documentation and that your organization is keeping these network diagrams and data flow diagrams appropriately updated.
![terraria 1.1 1.2 1.3 terraria 1.1 1.2 1.3](https://static.wikia.nocookie.net/terraria_gamepedia/images/6/67/1.3.0.1_Banner.png)
![terraria 1.1 1.2 1.3 terraria 1.1 1.2 1.3](https://mehtrainer.com/wp-content/uploads/2020/06/22-600x395.png)
If you are unaware of where your assets currently reside, you probably are not appropriately protecting them. The purpose of having network and data flow diagrams is so that your organization can fully understand where sensitive assets, such as cardholder data, exist throughout your network. The Importance Behind PCI Requirements 1.1.2 & 1.1.3 An updated network diagram is required by PCI Requirement 1.1.2, which states that organizations must have a “current network diagram that identifies all connections between the Cardholder Data Environment (CDE) and other networks, including any wireless networks.” A data flow diagram is required by PCI Requirement 1.1.3, which requires that organizations have a “current diagram that shows all cardholder data flows across systems and networks.” Network documentation consists of two things: a network diagram and a data flow diagram. PCI DSS Requirements 1.1.2 and 1.1.3 are all about maintaining network documentation.