nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Requirements for IPv6 Firewalls

From: joel jaeggli <joelja () bogus com>
Date: Sat, 19 Apr 2014 07:29:42 -0700
On 4/18/14, 7:04 PM, Jeff Kell wrote:

PCI requirement 1.3.8 pretty  much requires RFC1918
addressing of the computers in scope...


It does not

1.3.8
 Do not disclose private IP addresses and routing
information to unauthorized parties.
Note
: Methods to obscure IP addressing may include, but are
not limited to:
 Network Address Translation (NAT)
 Placing servers containing cardholder data behind proxy
servers/firewalls or content caches,
 Removal or filtering of route advertisements for private
networks that employ registered addressing,
 Internal use of RFC1918 address space instead of
registered addresses.

from version two with further explication

https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf

version 3

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf


 has anyone hinted at PCI for IPv6?


If by hinted at you mean deployed in pci compliant environments then yes.


Jeff

Attachment: signature.asc
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: