, the global cyber security services provider and PCI QSA company, has released a new paper on encryption for PCI DSS v3.1
Written by a PCI QSA, this paper is targeted at those implementing PCI DSS v3.1 and those conducting audits to ensure an organisation is compliant with the Standard. It can be downloaded for free from: www.itgovernance.co.uk/resources/green-papers/encryption-for-pci-dss-v3-1.aspx
The Payment Card Industry Security Standards Council (PCI SSC) requires merchants and service providers to use industry standards and best practices for strong cryptography and secure protocols.
Version 3.1 of the Payment Card Industry Data Security Standard
(PCI DSS) was published in April 2015 and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk.
Encryption for PCI DSS v3.1
provides some background around the cryptography issues, and explains how encryption is incorporated into the Standard and how it can be audited. The topics covered include:
What strong cryptography means
Explanation of the changes related to SSL and TLS
The specific encryption requirements in PCI DSS v3.1
How to determine the encryption strength
How to do additional testing for compliance purposes
Download this paper for free from: www.itgovernance.co.uk/resources/green-papers/encryption-for-pci-dss-v3-1.aspx