All scripts
compliance
Expert
5–15 min
PCI-DSS Network Segmentation Verifier
Verify CDE isolation: ACL/firewall rules blocking CDE↔non-CDE, segmentation testing, wireless isolation, split-DNS check and log forwarding — mapped to PCI DSS 4.0 requirements.
Cisco
Palo Alto
Fortinet
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in →
Capabilities
- CDE↔non-CDE rule verification
- Active segmentation test (probe)
- Wireless isolation check
- Split-DNS verification
- Log forwarding to SIEM
- PCI DSS 4.0 requirement map
- Scored report
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
CDE subnets (comma) cde_subnets | string | 10.50.0.0/16 | — |
Run live segmentation probe probe | bool | false | — |
Required SIEM host siem_host | string | siem.corp.local | — |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce — used as a stylistic and structural target.
terminal
[2026-06-12] INFO PCI DSS 4.0 segmentation verification (CDE 10.50.0.0/16)... REQ CHECK RESULT 1.3.1 CDE inbound restricted PASS 1.3.2 CDE outbound restricted FAIL (10.50→10.0 any allowed) ← 1.4 Wireless isolated from CDE PASS 10.5.4 Logs forwarded to SIEM PASS Summary: 11 pass · 1 fail · CDE NOT fully isolated