Network Security Controls Policy

Updated: January 1, 2026

Approved By: Jennifer Lyssy, CEO

1. Purpose

This policy defines the processes and controls for installing, configuring, and maintaining network security controls to protect systems and cardholder data in accordance with PCI DSS Requirement 1.

2. Scope

This policy applies to all systems, networks, and components that connect to or could impact the security of the Cardholder Data Environment (CDE).

3. Policy Statement

Botanic, LLC implements and maintains network security controls to restrict unauthorized access, ensure only necessary traffic is allowed, and protect all systems from exposure to untrusted networks.

4. Roles and Responsibilities

Security Officer / IT Lead

  • Maintains network security configurations
  • Approves changes to network controls
  • Conducts periodic reviews

Technical Personnel

  • Implements and maintains configurations
  • Monitors network activity

5. Network Security Controls

5.1 Default Deny Principle

All network security controls are configured to deny all inbound and outbound traffic by default, allowing only traffic with a defined business need.

5.2 Configuration Standards

Firewall and network control rules are:

  • Documented
  • Approved
  • Maintained

5.3 Change Management

All changes to network configurations or connections must:

  • Be documented
  • Be approved prior to implementation
  • Follow formal change control procedures

5.4 Allowed Services, Ports, and Protocols

All open ports and services must:

  • Have a defined business purpose
  • Be documented and approved

5.5 Network Diagram

The organization maintains an up-to-date network diagram that:

  • Identifies all system components
  • Shows connections between internal systems and external networks

5.6 Data Flow Diagram

A data flow diagram is maintained that:

  • Shows how payment data flows through systems
  • Is updated when system changes occur

5.7 Configuration Reviews

Network security configurations are reviewed at least every six months to ensure they remain appropriate and effective.

6. Network Access Controls

6.1 Inbound Traffic

  • Only necessary inbound traffic is allowed
  • All other traffic is denied

6.2 Outbound Traffic

  • Only necessary outbound traffic is allowed
  • All other traffic is denied

7. Trusted vs Untrusted Networks

  • Network security controls are implemented between trusted internal systems and untrusted networks (including the internet)
  • Only authorized communications are permitted

8. Anti-Spoofing

Measures are implemented to detect and block forged IP addresses and unauthorized traffic.

9. Protection of Cardholder Data Systems

Systems that process or transmit cardholder data are not directly accessible from untrusted networks.

The organization utilizes PCI-compliant third-party payment processors, and cardholder data is not stored locally.

10. Remote and Endpoint Security

Devices connecting to organizational systems must:

  • Be secured with appropriate controls
  • Not introduce risk to the network

11. Configuration Security

Network configuration files are:

  • Protected from unauthorized access
  • Maintained to match active configurations

12. Policy Review

This policy will be reviewed at least annually and updated as needed.

13. Compliance

Failure to comply with this policy may result in disciplinary action and potential legal consequences.

14. Acknowledgment

All applicable personnel must acknowledge and adhere to this policy.

© 2025-2026 Botanic, LLC
