Creating a RACI (Responsible, Accountable, Consulted, Informed) template for PCI DSS v4.0 Requirement 1, which is about installing and maintaining network security controls, involves identifying key roles and tasks related to the requirement. Here's a template structure that can be used:

| PCI DSS v4.0 Requirement 1 Tasks | Responsible | Accountable | Consulted | Informed |
|----------------------------------|-------------|-------------|-----------|----------|
| 1.1: Establish firewall and router configurations | | | | |
| 1.2: Document and justify all allowed network connections | | | | |
| 1.3: Prohibit direct public access between the Internet and any system in the cardholder data environment (CDE) | | | | |
| 1.4: Install personal firewall software on any mobile and/or employee-owned devices | | | | |
| 1.5: Ensure secure and synchronized router configuration files | | | | |
| 1.6: Review firewall and router rule sets at least every six months | | | | |

- **Responsible**: Individuals or teams who perform the tasks.
- **Accountable**: Typically, a manager or project leader. This person is answerable for the correct and thorough completion of the task.
- **Consulted**: Subject matter experts who provide input or advice.
- **Informed**: Those who are kept updated on progress or with whom information on results is shared.

You can fill in the table by assigning specific roles or departments within your organization to each category for each task. For instance, your IT department might be responsible for establishing firewall configurations, while senior management might be accountable. IT security experts could be consulted for best practices, and the compliance team might be informed of any updates or changes.

Remember to tailor the RACI chart to the specific needs and structure of your organization.