PCI Council releases PA-DSS 3.1, nixes SSL, early TLS

Teri RobinsonJune 3, 2015

The PCI Security Standards Council (PCI SSC) published a revision to its Payment Application Data Security Standard (PA-DSS), addressing vulnerabilities in the Secure Sockets Layer (SSL) encryption protocol.

PA-DSS 3.1 updates requirements 8.2, 11.1 and 12.1-12.2 “to remove SSL and early TLS as examples of strong cryptography,” a Monday release (PDF) by PCI SCC said. With the updates PA-DSS 3.1 now syncs with the Council's earlier release of PCI Data Security Standard (PCI DSS) 3.1. The Council noted in the release that if vulnerabilities in SSL are exploited, the security of payment card data can be jeopardized.

“Upgrading payment applications and systems to a minimum of TLS 1.1 (the successor protocol to SSL) is the only known way to remediate SSL vulnerabilities that have been most recently exploited by browser attacks including POODLE and BEAST,” the release said.

Teri Robinson

Governance, Risk and Compliance

Bogged down by SIEM data ingest fees? 3 strategies to keep costs in check

Kevin PaigeApril 22, 2024

Solutions exist that let organizations adjust the volume of data being processed by their SIEM system.

AI/ML

Runecast acquired by Dynatrace for enhanced security

SC StaffFebruary 1, 2024

SiliconAngle reports that artificial intelligence-powered security and compliance solutions provider Runecast Solutions is set to be purchased by unified observability and security provider Dynatrace as part of its efforts to strengthen its security capabilities.

Government Regulations

Here’s how to get proactive about complying with the SEC’s cybersecurity rules

Mike Britton January 12, 2024

Companies need to apply security best practices, but they also should take the time to determine the financial impact of a breach to their organization.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news