This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
PCI Data Security Standard v3.2
PCI Data Security Standard v3.2

Version management

Difference between version and

At line 1 added 15 lines
!!! Overview
[{$pagename}]
!! Appendix A2: Additional [PCI DSS] Requirements for Entities using [SSL]/early [TLS]
[SSL] and early [TLS] [SHOULD NOT] be used as a security control to meet these requirements. To support entities working to migrate away from SSL/early TLS, the following provisions are included:
* New implementations must not use SSL or early TLS as a security control.
* All service providers must provide a secure service offering by June 30, 2016.
* After June 30, 2018, all entities must have stopped use of [SSL]/early [TLS] as a security control, and use only secure versions of the protocol (an allowance for certain POS POI terminals is described in the last bullet below).
* Prior to June 30, 2018, existing implementations that use [SSL] and/or early [TLS] must have a formal Risk Mitigation and Migration Plan in place.
* [POS Terminal] POI terminals (and the [SSL]/[TLS] termination points to which they connect) that can be verified as not being susceptible to any known exploits for [SSL] and early [TLS], may continue using these as a security control after June 30, 2018.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop