1.3.7

1.3.7 :: Place the database in an internal network zone, segregated from the DMZ.

Any database must be done at the application layer (Tier 2), not in the DMZ (Tier 1).