Overview#PCI Data Security Standard v3.2
- New implementations must not use SSL or early TLS as a security control.
- All service providers must provide a secure service offering by June 30, 2016.
- After June 30, 2018, all entities must have stopped use of SSL/early TLS as a security control, and use only secure versions of the protocol (an allowance for certain POS POI terminals is described in the last bullet below).
- Prior to June 30, 2018, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place.
- POS Terminal POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits for SSL and early TLS, may continue using these as a security control after June 30, 2018.
More Information#There might be more information for this subject on one of the following:
Add new attachment
Only authorized users are allowed to upload new attachments.