WithoutFire | John Elliott's occasional thoughts on data protection

in memoriam requirement 1.3.3

It is rare for the DSS to get smaller; each version typically adds a few requirements based on lessons from forensic investigations of breaches of cardholder data. However, in the summary of changes from version 3.1 to version 3.2 published this week, I noticed:

> 1.3.3: Removed requirement as intent is addressed via other requirements in 1.2 and 1.3.

Perhaps the resident threnodist at [Private Eye](http://www.private-eye.co.uk/poetry-corner) (a satirical British newspaper) would mark its passing thus:

> So farewell then requirement 1.3.3  
>  “Prevent direct internet connections to the CDE”  
>  was your request
>
> People asked, does that require  
>  a proxy server  
>  or just a firewall?
>
> You inspired  
>  pedantic discussions  
>  on the meaning of “direct”
>
> Although you are gone  
>  Your proxy servers live on
>
> EJ Thribb (17½)
