This is the network segment that contains servers and applications that are accessible by an external network (i.e., any network that is outside the card-production network or its DMZ).
a) The card production network must be segregated from other parts of an organization's network.
b) Effective 1 January 2016, the DMZ must be located in the Server Room of the HSA.
c) DMZ infrastructure equipment located within the HSA Server Room must be in a dedicated rack with access restricted to the minimum number of authorized individuals.
d) All switches and cabling associated with the DMZ equipment must be stored within the same rack with only the minimum required number of cable connections entering/exiting the rack in order to provide connectivity to firewalls.