{"id":2098,"date":"2016-03-21T11:24:27","date_gmt":"2016-03-21T15:24:27","guid":{"rendered":"http:\/\/pro-webs.net\/blog\/?p=2098"},"modified":"2016-03-21T11:24:27","modified_gmt":"2016-03-21T15:24:27","slug":"pci-dss-3-2","status":"publish","type":"post","link":"https:\/\/pro-webs.net\/blog\/2016\/03\/21\/pci-dss-3-2\/","title":{"rendered":"PCI DSS 3.2"},"content":{"rendered":"<p>Here we go again&#8230; I am writing this to hopefully bring you the best and simplest understanding of your roles, changes and responsibilities. In December 2015 the PCI\/DSS council released a\u00a0<a href=\"http:\/\/pro-webs.net\/blog\/wp-content\/uploads\/2016\/03\/Migrating_from_SSL_and_Early_TLS_-v12.pdf\" target=\"_blank\" rel=\"\">bulletin<\/a> containing changes which are required to be implemented by June 2016. So, in addition to all the PCI\/DSS items you are currently doing, the items below will need to be implemented no later than June 30th 2016. Lucky for us =) this should be the only 2016 change from the council&#8230; But you can never say for sure.<\/p>\n<blockquote><p>In April 2015, PCI SSC issued initial guidance and removed SSL as an example of strong cryptography from the PCI Data Security Standard (PCI DSS), stating that it can no longer be used as a security control after 30 June 2016.<\/p>\n<p>After seeking extensive marketplace feedback, the PCI Security Standards Council revised and updated sunset dates.<\/p><\/blockquote>\n<p><strong>First item<\/strong><\/p>\n<blockquote><p>All processing and third party entities \u2013 including Acquirers, Processors, Gateways and Service Providers must provide a TLS 1.1 or greater service offering by June 2016.<\/p><\/blockquote>\n<p>I highly suggest you go a bit further than this due to current issues with TLS 1.1 and the likelihood that it will soon be compromised. 
I suggest you make certain TLS 1.1 AND 1.2 are available on your server, so that when 1.1 is cracked it can easily be disabled without a downtime issue for your store. Additionally, while you are at it, make sure the RC4 cipher is disabled on your server as well. Authorize.net requires this, and RC4 is weak and a PCI fail in and of itself. If you are confused, visit the <a href=\"https:\/\/www.ssllabs.com\/ssltest\/index.html\" target=\"_blank\">SSL tester here<\/a> and send the results to your hosting company, tell them <a href=\"https:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=pro-webs.net\" target=\"_blank\">you want an A+ rating like ours<\/a>.<\/p>\n<p><strong>Second item<\/strong><\/p>\n<blockquote><p>Consistent with the existing language in the DSS v3.1, all new implementations must be enabled with TLS 1.1 or greater<\/p><\/blockquote>\n<p>We covered this above already.<\/p>\n<p><strong>Third item<\/strong><\/p>\n<blockquote><p>All processing and third party entities must cutover to a secure version of TLS (as defined by NIST) effective June 2018<\/p><\/blockquote>\n<p>This really doesn&#8217;t concern us, except to keep up with information from our processors such as Authorize.net, Linkpoint, PayPal etc. and make the changes they may require going forward.<\/p>\n<p><strong>Fourth item<\/strong><\/p>\n<blockquote><p>The use of SSL\/TLS 1.0 within a POI terminal that can be verified as not being susceptible to all known exploits for SSL and early TLS, with no demonstrative risk can be used beyond June 2018 consistent with the existing language in the DSS v3.1 for such an exception<\/p><\/blockquote>\n<p>This also is for our processors =)<\/p>\n<h3>Conclusion<\/h3>\n<p>This is a reminder: the SSL\/early TLS updates in PCI DSS v3.2 were made public in December. We should all already be confronting this issue. 
Remember to read the <a href=\"http:\/\/pro-webs.net\/blog\/wp-content\/uploads\/2016\/03\/Migrating_from_SSL_and_Early_TLS_-v12.pdf\" target=\"_blank\" rel=\"\">Bulletin on Migrating from SSL and Early TLS<\/a> for more information.<\/p>\n<p>If you are just getting started, or want to check your processes, I recommend our basic <a href=\"https:\/\/pro-webs.net\/blog\/2009\/06\/06\/simple-pci-guide-for-merchants\/\">PCI Guide for merchants<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here we go again&#8230; I am writing this to hopefully bring you the best and simplest understanding of your roles, changes and responsibilities. In December 2015 the PCI\/DSS council released a\u00a0bulletin containing changes which are required to be implemented by June 2016. So, in addition to all the PCI\/DSS items you are currently doing, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":2103,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,260,105],"tags":[782,791,2629,2626],"class_list":["post-2098","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-checkout","category-small-business","category-so-you-want-to-be-a-shop-owner-series","tag-dss","tag-pci","tag-pci-dss-3-2","tag-zen-cart"],"_links":{"self":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/posts\/2098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/comments?post=2098"}],"version-history":[{"count":0,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/posts\/2098\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/media\/2103"}],"wp:attachment":[{"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/media?parent=2098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/categories?post=2098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pro-webs.net\/blog\/wp-json\/wp\/v2\/tags?post=2098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}