Requirement 1: Build and Maintain a Secure Network This can be divided into two parts: Create a secure network Document your network Following steps should help you to achieve this: Identify your Card Holder Environment (CDE): If you are hosting your CDE on-premise then your local network is usually the CDE. It is preferable to have some demarcation for your CDE. This is usually achieved by means of a firewall. Secure your CDE: Most firewalls work on a whitelist model i.e. only the services that are explicitly allowed to pass are allowed, the rest are blocked. Firewall process document : You should document the list of services that are allowed across the firewall. This should consist of the IP addresses, ports and applications (in case of Next-generation firewalls) that have been allowed on the firewall. Not only the IP addresses, you should be able to map these IP addresses with the servers hosting your card related applications. Requirement 2 : Do Not Use Vendor Supplied Defaults Th