Skip to the main content.
Contact
Contact

1 min read

PCI DSS Version 3.1 Has Arrived

PCI DSS Version 3.1 Has Arrived

The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration guidance:

Updates to the DSS Supporting documents like the ROC Reporting Instructions and to the PA-DSS Standard are expected to follow soon.

Some of the notable changes and guidance:

  • PCI DSS v3.0 will be retired June 30, 2015
  • All SSL and “early TLS” to be sunset by June 30, 2016 (see requirements 2.2.3, 2.3, 4.1)
  • Unacceptable secure session transport (all versions of SSL, TLS 1.0, and some implementations of TLS 1.1)
  • How to address SSL and early TLS in ASV scans
  • POS terminals and their receiving gateways can continue  to use SSL and early TLS after the sunset date provided it can be verified that the implementation is not susceptible to known exploits.
  • Clarifications on how to validate service providers and third party outsourcers
  • Added 3.4.e to ensure truncated and hashed PAN stored together cannot be used to reconstruct the original PAN
  • End-user protocols now includes the example of SMS (text messaging)
Why Organizations Need to Become Crypto-Agile and What that Means

Why Organizations Need to Become Crypto-Agile and What that Means

Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and...

Read More
NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe

7 min read

NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe

Now is the time to stop using 64-bit block length ciphers such as 3DES (TDEA) and Blowfish in general purpose applications of cryptography. In 2016,...

Read More
Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse

Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse

According to some, quantum cryptography will revolutionize cryptography, kill our current ciphers, and reveal all our secrets. But if you're a risk...

Read More