We are attempting to become PCI compliant.
I am looking for some guidance and experience for requirement 1.3.
1.3 - 'Prohibit direct public access between the internet and any system component in the card holder data environment.'
We have PCs on the CCD network that wish to access the internet.
For this indirect access, is a firewall running NAT and stateful packet filtering sufficient to meet the above requirement, or
do we need to create a DMZ and place a proxy server in there to manage connections to the internet?
What is acceptable to a QSA?