Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » PCI SSC releases version 3.1, eschews SSL, early TLS

PCI SSC releases version 3.1, eschews SSL, early TLS

2015/04/16

SC Magazine - (International) The Payment Card Industry Security Standards Council (PCI SSC) announced in its release of PCI Data Security Standard (PCI DSS) Version 3.1 that secure-sockets layer (SSL) support would be discontinued in favor of current transport layer security (TLS) encryption, due to weaknesses that were identified in SSL by the National Institute of Standards and Technology that could put payment data at risk. The change also occurred as a result of previous Web browser attacks that took advantage of SSL vulnerabilities such as POODLE and BEAST.

Source: http://www.scmagazine.com/orgs-have-14-months-to-move-to-pci-ssc-version-31/article/409549/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:07