Reminder About PCI-DSS and PCI-HSM
Author: Mustafa Emre Aydın
Published: 2018-09-07 (modified 2018-11-06)
Link: https://www.veriteknik.net.tr/en/pci-dss-hsm/

<p>We've felt the need to post this reminder about the changes to the PCI-DSS standards to answer a few questions that may come up. Please note that only some of the information below, or possibly none of it, may apply directly to your infrastructure.</p>
<ul>
<li>After PCI-DSS v3.2, the PCI SSC has announced v3.2.1. This update adds no new requirements; it contains updated dates and some technical clarifications. PCI-DSS v3.2 will remain valid through 31 December 2018 and will be retired on 1 January 2019.</li>
<li>The PCI-DSS v3.2.1 update does not affect PA-DSS, which remains at v3.2.</li>
<li>PCI-HSM v1.x expires in April 2019. It is therefore best to use a device compliant with PCI-HSM v2.x in any PCI audit after April 2018. It would be wise to take the changes between PCI-HSM v1.x and v2.x (such as key lengths and the use of TR-31…) into account and revise your algorithms accordingly.</li>
<li>For the list of PCI-HSM expiry dates, see the PTS Device Testing and Approval Program Guide (<a href="https://www.pcisecuritystandards.org/documents/PTS_Program_Guide_v1-8.pdf" target="_blank" rel="noopener">https://www.pcisecuritystandards.org/documents/PTS_Program_Guide_v1-8.pdf</a>), Appendix A.12.</li>
<li>PCI-DSS v3.1 required mechanisms using SSL/early TLS to be removed from the system by 30 June 2016. The industry responded that this date was too early, so the deadline was moved from 30 June 2016 to 30 June 2018. As of 30 June 2018, you should not be using SSL/early TLS in your cryptographic implementations.</li>
<li>Because the known vulnerabilities and exploits against SSL/early TLS (such as POODLE and BEAST) are generally browser-based, POS POI devices may continue to use SSL/early TLS provided it is demonstrated that they are not exposed to such threats. Even where this is allowed, the use of weak ciphers (e.g. RC4, MD5) is still not permitted on these devices.</li>
<li>We've seen that for some of our customers the term SSL/early TLS is not clear enough. Safe TLS versions are TLS v1.1 and above. It should be noted that the recommended versions are TLS v1.2 and above.</li>
<li>For further information about SSL/early TLS, please see the PCI SSC's relevant document: <a href="https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf" target="_blank" rel="noopener">https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf</a></li>
</ul>
<p><img src="https://www.veriteknik.net.tr/wp-content/uploads/2018/09/PCI-DSS-Version-3.2.1.png" alt="PCI-DSS Version 3.2.1" /></p>