"Are direct connections prohibited for inbound or outbound traffic between the Internet and the cardholder data enviornment"
The glossary defines the CDE as:
"The people, processes and technology that store, process or transmitcardholder data or sensitive authentication data, including any connected system components."
But, doesn't that mean that 1.3.3 is basically impossible to do? At some point a user has to update their card information so how can that be done while still adhering to 1.3.3 given that the server the user would use would have to be connected to the Internet but, according to the above definition, also part of the CDE?