WithoutFire | John Elliott's occasional thoughts on data protection

in memoriam requirement 1.3.3

It is rare for the DSS to get smaller, each version typically adds a few requirements based on lessons from forensic investigations of breaches of cardholder data. However, in the summary of changes from version 3.1 to version 3.2 published this week I noticed:

<br></br>
1.3.3: Removed requirement as intent is addressed via other requirements in 1.2 and 1.3.```

Perhaps, the resident threnodist at [Private Eye](http://www.private-eye.co.uk/poetry-corner) (a satirical British newspaper) would mark its passing thus:

> So farewell then requirement 1.3.3  
>  “Prevent direct internet connections to the CDE”  
>  was your request
> 
> People asked, does that require  
>  a proxy server  
>  or just a firewall?
> 
> You inspired  
>  pedantic discussions  
>  on the meaning of “direct”
> 
> Although you are gone  
>  Your proxy servers live on
> 
> EJ Thribb (17½)

 
John Elliott
About John
0