PCI-DSS v3 Report
The PCI-DSS v3 Report allows you to evaluate your organization’s security posture as it relates to the Payment Card Industry Data Security Standard (PCI-DSS) 3.2.1.
PCI-DSS was developed by a consortium of payment card companies and other entities to establish a set of requirements for any company that processes or handles credit card and other payment card data. In order to process payment cards, organizations must be able to show their compliance with these standards.
The report tests the policy currently installed on a firewall against specific PCI standards and identifies if the policy fails or passes each standard. If the policy fails a standard, the report provides details of the failure and recommendations on how to meet the standard. If the policy passes a standard, the report explains why the policy passed and provides recommendations for maintaining compliance.
The PCI-DSS v3 Report is based on version 3.2.1. For more information about PCI DSS requirements, testing procedures and guidance, refer to the PCI Document Library at https://www.pcisecuritystandards.org.
This report requires the creation of PCI-related zones and services before it can be successfully created. In this report, DMZ refers to the Cardholder Data DMZ segment, so you'll need to separate your PCI DMZs from your non-PCI DMZs. The suggestion is to create a new Zone called non-PCI DMZ.
To run this report, complete the following steps.
- On the toolbar, click Reports > Reports Library.
- In the Reports Library table, click PCI-DSS v3 Report.
- Complete the General section.
  - The Name and Description fields are prepopulated.
  - Select a Device to associate to the report.
- In the Zones section, all zones required for the report have been included by default.
- In the Services section, all services required for the report have been included by default.
  - Allowed PCI Services: Protocols allowed from External to DMZ, External to PCI_Network, and Any to PCI_Network.
  - Allowed Database Services: Protocols allowed from DMZ to PCI_Network.
  - Allowed Wireless Services: Protocols allowed from PCI_Wireless Network to PCI_Network.
  - Disallowed Ingress Services: Protocols NOT allowed from External to DMZ, External to PCI_Network, and DMZ to Internal.
  - Disallowed Egress Services: Protocols NOT allowed from Any to External.
  - Disallowed Insecure Services: Protocols NOT allowed from Any to PCI_Network.
- Select Options to include in the report.
  - Click Object Details to include object details in the report, such as IP address / netmask for network objects, group member and group member details, and service protocols and ports.
  - Click Controls Results to include controls in the report.
- Select HTML, PDF, or CSV as the Report Format export type.
- Click Run Report.
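To pre-check a rule set against the six service categories from the Services step before running the report, the following added example (not the product's own logic) evaluates accept rules by zone pair. The zone pairs come from the category definitions above. The zone name `PCI_Wireless`, the service sets, the sample rules, and the rule that a service must appear in at least one covering allowed category are assumptions made for illustration.

```python
ANY = "Any"  # wildcard zone, as in "Any to PCI_Network"

# category -> (zone pairs it covers, services). The zone pairs follow the
# category definitions in the list above; the service sets are constructed.
ALLOWED = {
    "Allowed PCI Services": ({("External", "DMZ"), ("External", "PCI_Network"),
                              (ANY, "PCI_Network")}, {"https"}),
    "Allowed Database Services": ({("DMZ", "PCI_Network")}, {"tcp/1433"}),
    "Allowed Wireless Services": ({("PCI_Wireless", "PCI_Network")}, {"https"}),
}
DISALLOWED = {
    "Disallowed Ingress Services": ({("External", "DMZ"), ("External", "PCI_Network"),
                                     ("DMZ", "Internal")}, {"telnet", "rdp"}),
    "Disallowed Egress Services": ({(ANY, "External")}, {"smtp"}),
    "Disallowed Insecure Services": ({(ANY, "PCI_Network")}, {"telnet", "ftp"}),
}

def _overlap(a, b):
    # "Any" on either side (category or rule) overlaps every zone
    return ANY in (a, b) or a == b

def _covers(pairs, src, dst):
    return any(_overlap(s, src) and _overlap(d, dst) for s, d in pairs)

def check_rule(src, dst, service):
    """Return the failures for one accept rule; an empty list means it passes."""
    failures = [f"{name}: {service} {src}->{dst}"
                for name, (pairs, services) in DISALLOWED.items()
                if _covers(pairs, src, dst) and service in services]
    # Assumed reading: where allowed categories cover a zone pair, the service
    # must appear in at least one of them.
    covering = {n: s for n, (p, s) in ALLOWED.items() if _covers(p, src, dst)}
    if covering and not any(service in s for s in covering.values()):
        failures.append(f"not in {' / '.join(covering)}: {service} {src}->{dst}")
    return failures

def audit(rules):
    """Map each failing (src, dst, service) rule to its list of failures."""
    results = {rule: check_rule(*rule) for rule in rules}
    return {rule: fails for rule, fails in results.items() if fails}

# Constructed sample policy: (source zone, destination zone, service)
SAMPLE_RULES = [
    ("External", "DMZ", "https"), ("External", "DMZ", "telnet"),
    ("DMZ", "PCI_Network", "tcp/1433"), ("Internal", "PCI_Network", "ftp"),
    ("DMZ", "External", "smtp"), ("Internal", "Internal", "ssh"),
]

if __name__ == "__main__":
    for rule, fails in audit(SAMPLE_RULES).items():
        print(rule, fails)
```

A rule whose source or destination is `Any` is treated as overlapping every zone, so a broad rule is checked against every category it could reach.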