
Guidance on network and data flow diagrams for PCI DSS compliance

Complying with the Payment Card Industry Data Security Standard (PCI DSS) is a core task for any organization that processes, stores, or transmits cardholder data (CHD). Requirement 1 of the standard (1.2.3 and 1.2.4 in PCI DSS v4.0; 1.1.2 and 1.1.3 in v3.2.1) obliges an entity to maintain accurate, up-to-date network and data flow diagrams that show where CHD travels within its environment. The diagrams must show every way CHD enters the environment and every path along which it propagates, together with any management or monitoring paths. Each network segment should be labelled with a human-readable name and the IP address range it uses, so that a reader can map a diagram element to the real infrastructure.

A network diagram must include every firewall and router in the environment (all network security controls at the boundaries of the cardholder data environment), plus any management data paths. It should also show the supporting systems that touch or protect the CDE: IDS/IPS tools, transaction logging and overall system logging paths, authentication services, anti-virus, backup, and update (patching) mechanisms. A single diagram that carries all of this quickly becomes unreadable, so split it: one overview of segments and boundaries, and separate diagrams for management, logging, and each major data flow.

A data flow diagram should show the sequence of events, with the step number placed next to each arrow and the arrow pointing in the direction the data travels. Colour coding makes the risk of each flow visible at a glance. For example: red for unencrypted CHD; blue for data encrypted in transit (and decrypted at the receiving end); brown for DUKPT (Derived Unique Key Per Transaction) channels, as used between payment terminals and the host; and green for data that can no longer be decrypted, such as tokens or one-way hashes. Whatever scheme you choose, put a legend on the diagram, because the colours carry meaning only if the reader knows the convention.
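The conventions described above (named segments with their IP ranges, numbered arrows in the direction of travel, one colour per protection state, a legend) can be generated from a structured inventory rather than drawn by hand, which also lets you check the inventory for mistakes before it becomes a diagram. The following is an added example, not code from the original post: it renders a small constructed environment as Graphviz DOT, validates that CIDRs are well-formed and non-overlapping and that arrow numbers run 1..n, and flags any flow that carries cleartext CHD across the scope boundary. All segment names, CIDRs and flows are hypothetical sample data.

```python
"""Added example, not part of the original post: build a PCI DSS data flow
diagram as Graphviz DOT from a structured list of segments and flows, using
the colour convention above, and flag cleartext CHD crossing the CDE boundary.
All names, CIDRs (RFC 1918 / RFC 5737 ranges) and flows are constructed."""
import ipaddress
from dataclasses import dataclass

# Colour legend from the post: one colour per protection state of the CHD.
STATE_COLOURS = {
    "cleartext": "red",       # unencrypted CHD
    "encrypted": "blue",      # encrypted in transit (e.g. TLS), decrypted at the far end
    "dukpt": "brown",         # DUKPT-protected PIN/track data from a payment terminal
    "irreversible": "green",  # tokenised or hashed; cannot be decrypted
}


@dataclass(frozen=True)
class Segment:
    name: str       # human-readable network name
    cidr: str       # IP range the segment uses
    in_scope: bool  # True if the segment is part of the CDE


@dataclass(frozen=True)
class Flow:
    seq: int        # sequence number written next to the arrow
    src: str        # source segment name
    dst: str        # destination segment name
    state: str      # key into STATE_COLOURS
    label: str      # what is being sent


# Constructed sample environment (hypothetical names and ranges).
SEGMENTS = [
    Segment("POS LAN", "10.10.1.0/24", True),
    Segment("Payment DMZ", "10.10.2.0/24", True),
    Segment("Token vault", "10.10.3.0/24", True),
    Segment("Corporate LAN", "10.20.0.0/16", False),
    Segment("Acquirer", "203.0.113.0/24", False),
]
FLOWS = [
    Flow(1, "POS LAN", "Payment DMZ", "dukpt", "PIN block and track data from PED"),
    Flow(2, "Payment DMZ", "Acquirer", "encrypted", "authorisation request over TLS"),
    Flow(3, "Payment DMZ", "Token vault", "encrypted", "PAN for tokenisation"),
    Flow(4, "Token vault", "Corporate LAN", "irreversible", "token for reporting"),
    Flow(5, "Payment DMZ", "Corporate LAN", "cleartext", "settlement file containing PAN"),
]


def validate(segments, flows):
    """Return a list of problems; an empty list means the inventory is consistent."""
    problems, nets = [], {}
    for s in segments:
        try:
            net = ipaddress.ip_network(s.cidr, strict=True)  # rejects host bits set
        except ValueError as e:
            problems.append(f"{s.name}: bad CIDR {s.cidr!r} ({e})")
            continue
        for other_name, other in nets.items():
            if net.overlaps(other):
                problems.append(f"{s.name} ({s.cidr}) overlaps {other_name} ({other})")
        nets[s.name] = net
    if sorted(f.seq for f in flows) != list(range(1, len(flows) + 1)):
        problems.append("flow sequence numbers must run 1..n without gaps or duplicates")
    for f in flows:
        for end in (f.src, f.dst):
            if end not in nets:
                problems.append(f"flow {f.seq}: unknown segment {end!r}")
        if f.state not in STATE_COLOURS:
            problems.append(f"flow {f.seq}: unknown state {f.state!r}")
    return problems


def cleartext_across_scope_boundary(segments, flows):
    """Flows carrying unencrypted CHD between an in-scope and an out-of-scope
    segment: either the scoping is wrong or the data needs protecting."""
    in_scope = {s.name: s.in_scope for s in segments}
    return [f for f in flows
            if f.state == "cleartext" and in_scope[f.src] != in_scope[f.dst]]


def to_dot(segments, flows):
    """Render as Graphviz DOT: nodes show name and CIDR (grey = in scope),
    arrows are numbered in sequence and coloured by state, legend included."""
    problems = validate(segments, flows)
    if problems:
        raise ValueError("; ".join(problems))
    out = ["digraph chd_flows {", "  rankdir=LR;", "  node [shape=box];"]
    for s in segments:
        fill = "lightgrey" if s.in_scope else "white"
        out.append(f'  "{s.name}" [label="{s.name}\\n{s.cidr}" style=filled fillcolor={fill}];')
    for f in sorted(flows, key=lambda f: f.seq):
        colour = STATE_COLOURS[f.state]
        out.append(f'  "{f.src}" -> "{f.dst}" [label="{f.seq}. {f.label}" '
                   f'color={colour} fontcolor={colour}];')
    out.append('  subgraph cluster_legend { label="Legend (grey box = in scope)";')
    for state, colour in STATE_COLOURS.items():
        out.append(f'    "legend_{state}" [label="{state}" color={colour} fontcolor={colour}];')
    out.extend(["  }", "}"])
    return "\n".join(out)


if __name__ == "__main__":
    print(to_dot(SEGMENTS, FLOWS))  # pipe into: dot -Tpng -o chd_flows.png
    for f in cleartext_across_scope_boundary(SEGMENTS, FLOWS):
        print(f"# WARNING flow {f.seq}: cleartext CHD {f.src} -> {f.dst}")
```

Keeping the inventory in code (or a YAML/JSON file it loads) means the diagram can be regenerated and diffed on every change, and the validation step catches the errors that usually creep into hand-drawn diagrams: a segment whose range overlaps another, a renumbered arrow that now duplicates a step, or a flow drawn to a segment that no longer exists. In the sample data, flow 5 is the one an assessor would stop on: cleartext PAN leaving the CDE into a segment the inventory marks out of scope.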

Diagrams are only useful while they are accurate. Review them after every relevant change to the environment and record the date of each review and who approved it, so that every update can be traced.

In conclusion, maintaining up-to-date network and data flow diagrams is an essential part of meeting PCI DSS Requirement 1. The diagrams should cover every way CHD enters and moves through the environment, as well as the management and monitoring paths around it, and each change to them should be documented with a review date and an approver for future reference.
