PCI DSS Requirements version 1.2 Audit Checklist

Establish firewall and router configuration standards that include the following:
A formal process for approving and testing all network connections and changes to the firewall and router configurations"
- Current network diagram with all connections to cardholder data, including any wireless networks
- Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone
- Description of groups, roles, and responsibilities for logical management of network components
- Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure
- Requirement to review firewall and router rule sets at least every six months

Build a firewall configuration that restricts connections between untrusted networks and any system components in the cardholder data environment.
- Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment."
- Secure and synchronize router configuration files.
- Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment.
- Prohibit direct public access between the Internet and any system component in the cardholder data environment.
- Implement a DMZ to limit inbound and outbound traffic to only protocols that are necessary for the cardholder data environment."
- Limit inbound Internet traffic to IP addresses within the DMZ.