PCI Compliance - SSL v3.0 Prohibited - Learn How to React

PCI Compliance - SSL v3.0 Prohibited - Learn How to React | Security | Chicago IT | Equilibrium | EQInc.comThe Payment Card Industry (PCI) Security Standards Council released a bulletin on February 13, 2015 which prohibits the use of SSL 3.0 as an acceptable security protocol according to PIC SCC's definition of "strong cryptography".

This specification will be enforced in the next version of the standard (v3.1). There is no planned date as to when the new version will be formally published.

The next step up above SSL 3.0 is TLS 1.0 which is also prohibited. Equilibrium recommends starting to plan to upgrade all systems using SSL in your environment to offer only TLS 1.2 and disabling TLS 1.1 and below. Use Qualys' free SSL Test tool to understand the configuration and vulnerabilities of your SSL server.

Contact Equilibrium to learn how to upgrade your SSL servers and get ahead of the curve. Visit our Security Practice homepage and email us at

Author: Todd Bey

Follow Us:

EQ Linked-In | Security | PCI | Chicago IT | Equilibrium IT | EQInc.com  EQ Facebook | Security | PCI | Chicago IT | Equilibrium IT | EQInc.com  EQ Google+ | Security PCI | | Chicago IT | Equilibrium IT | EQInc.com  EQ Twitter | Security | PCI | Chicago IT | Equilibrium IT | EQInc.com

 

Questions?  Call us today in Chicago at 773-205-0200 | Email us at  | Request a FREE Consultation

 

Contact Us

Call today! 773.205.0200 or use the form below.