Internal Controls
Internal Controls explain the activities we perform at our organisation to deal with Risks and Compliance Requirements. We document what they do, how we test them and what Policies, Standards and Procedures govern them.
Current Internal Controls: 60 (0%)
New Internal Controls: 0 (0%)
Updated Internal Controls: 0 (0%)
Title | Objective | Audit Methodology | Audit Success Criteria | Maintenance Task | Policies |
---|---|---|---|---|---|
Cardholder Data DMZ | Ensure systems that manage or store cardholder data are protected by a DMZ | Evidence: cardholder diagram; configurations of the firewalls involved. Analysis: ensure cardholder systems are behind a DMZ; ensure traffic in and out is limited to needed hosts / networks. Output: firewall configurations highlighting any rule outside what is strictly needed | All cardholder systems must be behind a DMZ network and firewall, and traffic in and out must be denied except what is needed | NA | Network Diagram |