thePCI Portal

PCI DSS Version 3.0 Retired

PCI DSS Version 3.0 is now retired (June 30 2015)!  Version 3.1 has been effective since April 2015.

And this date marks the beginning of the one year countdown for use of SSL and early TLS as a security control (June 30, 2016).  New implementations must not use SSL or early TLS.  For the next year, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place.

POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as “not being susceptible to any known exploits for SSL and early TLS” may continue using these as a security control after June 30, 2016.

Ad below this line:


8 comments for “PCI DSS Version 3.0 Retired

  1. August 24, 2015 at 8:44 am

    You did a good job .

    • thePCIportal
      September 17, 2015 at 3:15 pm

      Like, in the past? SL.

  2. August 24, 2015 at 11:30 am

    Do not rush me.

    • thePCIportal
      September 17, 2015 at 3:14 pm

      OK, but we close at 9. We are open again tomorrow at 8. SL.

  3. September 9, 2015 at 11:45 am

    When I initially commented I clicked the “Notify me when new comments are added” checkbox and now
    each time a comment is added I get three emails with the same comment.

    Is there any way you can remove people from that service?
    Many thanks!

    • thePCIportal
      September 17, 2015 at 3:13 pm

      THAT is a premium feature. Please send money via PayPal for full instructions. SL.

  4. September 30, 2015 at 10:50 pm

    Hey very interesting blog!

  5. October 18, 2015 at 6:36 pm

    Thanks a lot for sharing!

Leave a Reply

Your email address will not be published. Required fields are marked *