thePCI Portal

Category: V3.2

Does v3.2 require multifactor authentication to admin my router?

Let's ignore, for now, a risk-based answer to the question. Does PCI DSS v3.2 require network device administrators to use multifactor authentication when accessing a router? Let's presume that network traffic containing the PAN traverses the router. PCI DSS v3.2 requirement 8.3.1 states: "8.3.1 Incorporate multi-factor authentication for all non-console access into the CDE…

TLS, SSL and PCI – The links

I got tired of hunting these down regularly. Here are the official TLS and SSL reference links in one spot:

SSL/Early TLS: Working with an ASV on Failed Scans http://blog.pcisecuritystandards.org/working-with-an-asv-on-failed-scans

INFORMATION SUPPLEMENT Migrating from SSL and Early TLS Version 1.0 Date: April 2015 Author: PCI Security Standards Council – Includes: Preparing a Risk Mitigation and…

PCI DSS 3.2

Have you read the PCI Security Standards Council blog post with a version 3.2 Q&A with Chief Technology Officer Troy Leach yet? Some of the highlights include: What’s in 3.2? evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE); incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers;…