PCI DSS and GoAnywhere Gateway
GoAnywhere Gateway is an important security component for protecting cardholder data and helping organizations comply with the PCI DSS. Because it lets organizations keep sensitive files and credentials out of the DMZ without opening inbound ports into the internal network, GoAnywhere Gateway is particularly useful for meeting the requirements in section 1.3 of the PCI DSS (the text of the standard follows).

| Requirement | PCI DSS text |
|---|---|
| 1.3 | Prohibit direct public access between the Internet and any system component in the cardholder data environment. |
| 1.3.1 | Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports. |
| 1.3.2 | Limit inbound Internet traffic to IP addresses within the DMZ. |
| 1.3.3 | Do not allow any direct connections inbound or outbound for traffic between the Internet and the cardholder data environment. |
| 1.3.4 | Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network. |
| 1.3.5 | Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet. |
| 1.3.6 | Implement stateful inspection, also known as dynamic packet filtering. (That is, only "established" connections are allowed into the network.) |
| 1.3.7 | Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks. |

Do not disclose private IP addresses and routing information to unauthorized parties.
Note: Methods to obscure IP addressing may include, but are not limited to:
Linoma Software is a Participating Organization in the Payment Card Industry Security Standards Council (PCI SSC). As a member, Linoma Software receives training and provides review of existing standards or advance review of new standards or programs directly to the PCI SSC. Linoma Software is dedicated to the protection of payment card and other personally identifiable information while in motion and at rest through encryption, key management and secure file transport.