GoAnywhere Gateway is an important security component for protecting cardholder data and helping organizations to comply with PCI DSS. By allowing organizations to keep sensitive files and credentials out of the DMZ (demilitarized zone) while not requiring inbound ports to be opened into the internal network, GoAnywhere Gateway is specifically useful for meeting Requirements 1.4 and 1.3.2 of the PCI DSS standard (text of the standard as follows).
| 1.4 | Network connections between trusted and untrusted networks are controlled. |
| 1.4.1 | NSCs are implemented between trusted and untrusted networks. |
| 1.4.2 | Inbound traffic from untrusted networks to trusted networks is restricted to: • Communications with system components that are authorized to provide publicly accessible services, protocols, and ports. • Stateful responses to communications initiated by system components in a trusted network. • All other traffic is denied. |
| 1.4.3 | Anti-spoofing measures are implemented to detect and block forged source IP addresses from entering the trusted network. |
| 1.3.2 | Outbound traffic from the CDE is restricted as follows: • To only traffic that is necessary. • All other traffic is specifically denied. |
| 1.4.4 | System components that store cardholder data are not directly accessible from untrusted networks. |
| 1.4.5 | The disclosure of internal IP addresses and routing information is limited to only authorized parties. |
Fortra is a Participating Organization in the Payment Card Industry Security Standards Council (PCI SSC). As a member, Fortra receives training and provides review of existing standards or advance review of new standards or programs directly to the PCI SSC. Fortra is dedicated to the protection of payment card and other personally identifiable information while in motion and at rest through encryption, key management and secure file transport.