New paper explains how to meet the encryption requirements of PCI DSS v3.1


IT Governance, the global cyber security services provider and PCI QSA company, has released a new paper on encryption for PCI DSS v3.1.
Written by a PCI QSA, this paper is targeted at those implementing PCI DSS v3.1 and those conducting audits to ensure an organisation is compliant with the Standard. It can be downloaded for free from:
The Payment Card Industry Security Standards Council (PCI SSC) requires merchants and service providers to use industry standards and best practices for strong cryptography and secure protocols.
Version 3.1 of the Payment Card Industry Data Security Standard (PCI DSS) was published in April 2015 and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk.
Encryption for PCI DSS v3.1 provides some background around the cryptography issues, and explains how encryption is incorporated into the Standard and how it can be audited. The topics covered include:
  • What strong cryptography means
  • Explanation of the changes related to SSL and TLS
  • The specific encryption requirements in PCI DSS v3.1
  • How to determine the encryption strength
  • How to do additional testing for compliance purposes
Download this paper for free from:
This website uses cookies. View our cookie policy