It is rare for the DSS to get smaller; each version typically adds a few requirements based on lessons from forensic investigations of breaches of cardholder data. However, in the summary of changes from version 3.1 to version 3.2 published this week, I noticed:
1.3.3: Removed requirement as intent is addressed via other requirements in 1.2 and 1.3.
Perhaps the resident threnodist at Private Eye (a satirical British newspaper) would mark its passing thus:
So farewell then requirement 1.3.3
“Prevent direct internet connections to the CDE”
was your request
People asked, does that require
a proxy server
or just a firewall?
on the meaning of “direct”
Although you are gone
Your proxy servers live on
EJ Thribb (17½)