Home Validation PCI DSS 3.2: what you need to remember?

PCI DSS 3.2: what you need to remember?

Posted on by editor

PCI Security Standards Council describes the main requirements for PCI DSS 3.2 – update, which is aimed at the business. Troy Leach says, that the introduction of the standard will not fast in order to the organization to prepare for future changes.

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

sslgoodb

For some companies, the transition may take up to two years to meet the new requirements. PCI Council team discusses the possibility of a rare issue updates to the companies did not have to constantly introduce new infrastructure.

The most notable features of PCI DSS 3.2:

Additional multifactor authentication. Verizon report showed that 63% of all existing violations associated with weak or stolen passwords. The company recommends avoiding single-factor authentication. PCI DSS 3.2 standard requires that system administrators, requested Cardholder Data Environment (CDE), resorted to only multifactor authentication. Single factor access to CDE is no longer acceptable today. Multi-factor authentication for remote access to the CDE is part of the PCI DSS. Organizations need to February 1, 2018 comply with this standard.

The new requirements for service providers. PCI DSS 3.2 will include some criteria for Designated Entities Supplemental Validation (DESV) for service providers. Among the requirements: service providers must demonstrate that they have a detection mechanism to respond to errors with critical security control. They should carry out penetration tests at least twice a year; conduct quarterly checks for staff to ensure that they are complying with security policies and procedures; service providers executives should show understanding of the PCI DSS.

Advanced switching to SSL / TLS. When were discovered serious vulnerabilities in the SSL and TLS, PCI Council removed the SSL from example of strong encryption in the PCI Data Security Standard, requiring a transition from the SSL and TLS 1.0 to secure version of TLS (currently it is 1.1 and above) by July 2016. However, it is led to market problems, because companies do not have time to make the transition so quickly. To ease the transition, PCI Council has decided to push back the scope of migration on 1 July 2018. PCI DSS 3.2 also includes a migration app, that allows companies to make a simple and rapid transition.

Related posts:

  1. The transition to the use of TLS in payments for compliance with the PCI
  2. Protecting private keys has become the new standard
  3. Encrypting email – it always necessary certificates?
  4. How to use PKI and why is it important in the corporate sector
  5. Problems with the implementation SSL in enterprises and ways of traffic control
  6. What is a PKI and where it is used
  7. What you need to know about the upcoming Google updates security
  8. Comodo is trying to get the brand Let’s Encrypt
  9. HTTPS Proxying and its features
  10. The purpose and function of SSL certificates

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

Posted in Validation Tagged with: , , , , , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.