PCI DSS v3.1 reloaded!

I assume most of you live and breathe PCI DSS compliance and have it memorised, so I will not restate the obvious. See Requirement 2.3 (and its sub-requirements) in PCI DSS v3.1 for the change discussed here; the same wording on SSL and early TLS also appears in Requirements 2.2.3 and 4.1.

So what is the difference between the prior PCI DSS and v3.1? SSL and "early TLS" are no longer accepted as examples of strong cryptography, so anyone seeking compliance has to bring their secure web communications up to a level where POODLE no longer affects the cardholder. In practice this means disabling SSL 3.0 and early TLS (TLS 1.0 in particular) for compliance. There are, however, workarounds where SSL 3.0 cannot simply be switched off; the paper linked below explains them in detail (notably TLS_FALLBACK_SCSV, the signal that stops a client from being silently downgraded to SSL 3.0 by an attacker).

What is POODLE: https://www.openssl.org/~bodo/ssl-poodle.pdf

I am happy that the PCI SSC has taken a strong stance on this matter. Unlike BEAST and Lucky 13, which were mitigated with implementation fixes, POODLE cannot be patched away: the flaw is in SSL 3.0's CBC padding itself, so the only fix is to remove the protocol. Remember, PCI gives you until 30 June 2016 to fix this in your systems (the PCI SSC later extended this migration deadline to 30 June 2018, but there is no reason to wait).
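The practical check that follows from this, as an added example that is not part of the original post: a small pure-Python probe that sends a minimal ClientHello at each protocol version and classifies the server's first record, so you can confirm that SSL 3.0 and TLS 1.0 are actually refused, and that a downgraded hello carrying TLS_FALLBACK_SCSV is rejected. Python's own ssl module can no longer speak SSL 3.0, which is why the records are built by hand. The host and port are whatever you pass in; the cipher-suite list is an assumed set of common CBC suites; the TLS_FALLBACK_SCSV value 0x5600 is the one defined in RFC 7507.

```python
"""Probe a TLS endpoint for SSL 3.0 / early TLS acceptance.

Sends a minimal ClientHello at each protocol version over a raw socket and
classifies the first record the server returns: a ServerHello means the
version was accepted, an alert means it was refused. Python's ssl module
cannot speak SSL 3.0 any more, so the records are built by hand.
"""
import socket
import struct

# Protocol versions as (major, minor) bytes in the record and handshake headers.
VERSIONS = {
    "SSLv3":   (3, 0),
    "TLSv1.0": (3, 1),
    "TLSv1.1": (3, 2),
    "TLSv1.2": (3, 3),
}

# Assumed set of widely deployed RSA/DHE/ECDHE CBC suites that SSL 3.0 / TLS 1.0
# servers would accept; adjust if a target uses something unusual.
CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0033, 0x0039, 0xC013, 0xC014]
TLS_FALLBACK_SCSV = 0x5600  # RFC 7507 downgrade-protection signalling suite

ALERT_DESCRIPTIONS = {
    40: "handshake_failure",
    70: "protocol_version",
    86: "inappropriate_fallback",
    112: "unrecognized_name",
}


def build_client_hello(version, fallback_scsv=False):
    """Return one TLS record carrying a bare ClientHello for `version`."""
    major, minor = version
    suites = list(CIPHER_SUITES) + ([TLS_FALLBACK_SCSV] if fallback_scsv else [])
    suites_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        bytes([major, minor])                      # client_version
        + b"\x00" * 32                              # client_random (fixed: probe only)
        + b"\x00"                                   # session_id length = 0
        + struct.pack("!H", len(suites_bytes)) + suites_bytes
        + b"\x01\x00"                               # compression_methods: null only
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 3-byte length
    return b"\x16" + bytes([major, minor]) + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Classify the first record sent back after a ClientHello.

    Returns ("accepted", "<version name>"), ("rejected", "<reason>") or
    ("unknown", "<detail>").
    """
    if len(data) < 5:
        return ("rejected", "connection closed without a record")
    content_type, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if content_type == 0x16 and len(data) > 5 and data[5] == 0x02:  # Handshake / ServerHello
        # server_version follows the 5-byte record header and 4-byte handshake header.
        neg = (data[9], data[10]) if len(data) >= 11 else (major, minor)
        name = next((n for n, v in VERSIONS.items() if v == neg), "%d.%d" % neg)
        return ("accepted", name)
    if content_type == 0x15 and len(data) >= 7:  # Alert: level, description
        description = data[6]
        return ("rejected", "alert " + ALERT_DESCRIPTIONS.get(description, str(description)))
    return ("unknown", "content type 0x%02x" % content_type)


def probe(host, port, version, fallback_scsv=False, timeout=5.0):
    """Send one ClientHello and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(version, fallback_scsv))
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)


def audit(host, port=443):
    """For PCI DSS v3.1 the goal is that SSLv3 and TLSv1.0 both come back 'rejected'."""
    results = {name: probe(host, port, ver) for name, ver in VERSIONS.items()}
    # Downgrade protection: a TLS 1.0 hello carrying TLS_FALLBACK_SCSV should be refused
    # with inappropriate_fallback by any server that implements RFC 7507 and supports
    # something newer than TLS 1.0.
    results["TLS_FALLBACK_SCSV"] = probe(host, port, VERSIONS["TLSv1.0"], fallback_scsv=True)
    return results


if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for name, verdict in audit(sys.argv[1], port).items():
        print("%-18s %s: %s" % (name, verdict[0], verdict[1]))
```

Run it as `python probe.py payments.example.com 443`. A compliant endpoint answers the SSLv3 and TLSv1.0 hellos with a protocol_version (or handshake_failure) alert or simply closes the connection, answers the TLS_FALLBACK_SCSV hello with inappropriate_fallback, and accepts only TLS 1.1 or 1.2. The probe sends no SNI or other extensions, so a server that requires SNI may answer with an unrecognized_name alert; that still tells you the version was parsed, and you can add an SNI extension if you need a cleaner result. On the server side the corresponding settings are nginx's `ssl_protocols` directive and Apache's `SSLProtocol` directive: drop SSLv3 and TLSv1 from whatever list is there.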
