thePCI Portal

PCI DSS Version 3.0 Retired

PCI DSS Version 3.0 is now retired (June 30, 2015)! Version 3.1 has been effective since April 2015.

This date also marks the beginning of the one-year countdown to the end of SSL and early TLS as a security control (June 30, 2016). New implementations must not use SSL or early TLS. For the next year, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place.

POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as “not being susceptible to any known exploits for SSL and early TLS” may continue using these as a security control after June 30, 2016.
