What is required for wireless networks in relation to the cardholder data environment?

• A. Install perimeter firewalls between all wireless networks and the cardholder data environment, denying or permitting only authorized traffic.
• B. Disable all wireless networks.
• C. Allow unrestricted wireless traffic into CHD.
• D. Use wireless networks without any firewall controls.

Answer: (A)

Protecting the cardholder data environment relies on creating a strict boundary between wireless networks and CHD. PCI DSS requires installing and maintaining a firewall configuration that separates CHD from other networks and controls traffic crossing the boundary. Placing a firewall between all wireless networks and the CHD enforces exactly what traffic is allowed, ensuring only authorized communications can reach CHD and blocking everything else. This reduces the risk of unauthorized access, eavesdropping, or malware moving from wireless segments into CHD. Disabling wireless networks or allowing unrestricted access, or using wireless without firewall controls, would remove those protections and violate PCI DSS requirements.