Watchguard PCI Security Requirements White Paper

See suggested requirement bullet 11

“Included in this requirement is the need to use an Intrusion Prevention Service in the network.”

DLP may not be needed or they can opt in for it just in case ( DLP would be outbound protection ) VS IPS is inbound threat signature blocking – which is part of a PCI scan check.

The document also notes AV Gatway enabling – which may or may not be needed / depending on the PCI Scan service provider if they check for that sort of thing.

But IPS for sure…

PS. This is an older document / but most of it should still be recommended. ( Good document to send to the client )

____________________________________________________ : Full Domain Spam Filtering (off network) : Internet Freedom | Encrypted online privacy and security