CoalfireOne℠ - Scans Newsletter

April 3, 2018 | Volume 10

SSL and Early TLS Deadline

June 30, 2018 is the sunset date set by the PCI Security Standards Council for the use of SSL and early TLS within PCI environments. After this date, entities are expected to have migrated completely away from these protocols within the PCI environment.

After this date, an entity that still has SSL or early TLS in its environment will need to document that it has verified the affected systems are not susceptible to the known vulnerabilities in these protocols, and complete the Addressing Vulnerabilities with Compensating Controls process for its particular environment.

Coalfire will no longer accept a Mitigation and Migration Plan on its own as grounds for disputing these vulnerabilities.
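The verification step described above comes down to one question per host: which protocol versions will it still complete a handshake with? The following Go program is an added example, not code from this newsletter or from CoalfireOne. It offers each TLS version to a server one at a time using only crypto/tls and records which handshakes succeed. The server is in-process, with a constructed self-signed certificate, and is run first with early TLS still enabled and then with TLS 1.2 as the floor, so the weak and corrected settings can be compared offline; the net.Pipe transport, the 5-second handshake deadline and the function names are assumptions of this example. SSLv2 and SSLv3 are not probed because crypto/tls does not implement them; a host still offering those needs openssl s_client or nmap's ssl-enum-ciphers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Versions an ASV report lists. SSLv2/SSLv3 are absent because crypto/tls cannot speak them.
var probeVersions = map[string]uint16{
	"TLS 1.0": tls.VersionTLS10, "TLS 1.1": tls.VersionTLS11,
	"TLS 1.2": tls.VersionTLS12, "TLS 1.3": tls.VersionTLS13,
}

// mustServerConfig builds a server with a constructed self-signed ECDSA
// certificate (example fixture, not a real host's key) and the given floor.
func mustServerConfig(minVersion uint16) *tls.Config {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   minVersion,
		// Tickets are extra server writes after Finished that would block the
		// synchronous in-memory pipe below; they have no bearing on version choice.
		SessionTicketsDisabled: true,
	}
}

// The weak setting beside the corrected one.
func legacyServerConfig() *tls.Config   { return mustServerConfig(tls.VersionTLS10) }
func hardenedServerConfig() *tls.Config { return mustServerConfig(tls.VersionTLS12) }

// pipeDialer starts, per call, a TLS server with cfg on one end of an in-memory
// pipe and returns the other end. Against a live host, dial with net.DialTimeout.
func pipeDialer(cfg *tls.Config) func() (net.Conn, error) {
	return func() (net.Conn, error) {
		clientEnd, serverEnd := net.Pipe()
		go func() {
			defer serverEnd.Close()
			_ = serverEnd.SetDeadline(time.Now().Add(5 * time.Second)) // assumed timeout
			_ = tls.Server(serverEnd, cfg).Handshake()                // a refusal reaches the client as an alert
		}()
		return clientEnd, nil
	}
}

// probeVersion offers exactly one protocol version; false means the server
// refused it. Only a failed dial is an error.
func probeVersion(dial func() (net.Conn, error), version uint16) (bool, error) {
	raw, err := dial()
	if err != nil {
		return false, err
	}
	defer raw.Close()
	_ = raw.SetDeadline(time.Now().Add(5 * time.Second)) // assumed timeout
	client := tls.Client(raw, &tls.Config{
		MinVersion:         version,
		MaxVersion:         version, // pin the offer to the one version under test
		InsecureSkipVerify: true,    // probing protocol support, not the cert chain
	})
	return client.Handshake() == nil, nil
}

// versionReport probes every listed version and returns accepted-by-name.
func versionReport(dial func() (net.Conn, error)) (map[string]bool, error) {
	report := map[string]bool{}
	for name, id := range probeVersions {
		ok, err := probeVersion(dial, id)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		report[name] = ok
	}
	return report, nil
}

// earlyTLSFinding applies the sunset rule: any completed TLS 1.0 or 1.1 handshake is a finding.
func earlyTLSFinding(r map[string]bool) bool { return r["TLS 1.0"] || r["TLS 1.1"] }

func main() {
	for _, cfg := range []*tls.Config{legacyServerConfig(), hardenedServerConfig()} {
		report, err := versionReport(pipeDialer(cfg))
		fmt.Printf("floor %#04x: %v early TLS finding: %v err: %v\n", cfg.MinVersion, report, earlyTLSFinding(report), err)
	}
}
```

Two points matter when the same probe is pointed at a real host. The client side must itself still be able to speak the old versions, which is why the probe sets MinVersion and MaxVersion explicitly rather than relying on the library's defaults; and a handshake that completes is the only evidence that counts, since a server may advertise a version in configuration yet refuse it, or the reverse. Keep the per-version results, not just the pass/fail flag, as the record that the systems were verified.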

Updating Vulnerability Checks

Coalfire is continually working to better our scanning tool and all of its features and functions.

Through this work, we have identified a number of vulnerability checks that commonly produce false positives and have focused our attention on improving them.

We have been working diligently to rewrite these checks to reduce the number of false positives flagged in our vulnerability scans.

While some of these improvements have already been released, you can expect additional check rewrites to be completed throughout the remainder of the year.

Past Newsletters and Events

If you've missed our previous CoalfireOne Scans Newsletters, you can find them, along with other Coalfire-related news and events, by clicking here.

Have a question about CoalfireOne?

The ScanDesk is ready to help. M-F: 6 AM-6 PM MT
650-597-4510 | scandesk@coalfire.com

Did you know?

  • Per PCI guidelines, disputes can be accepted for a period no longer than 90 days. CoalfireOne has a “Disputes by Vulnerability” option to lighten the load of submitting disputes from quarter to quarter.
  • Timely dispute response. Once a dispute is submitted, you will be told within 5 business days whether it has been accepted or rejected. If a dispute is rejected, a CoalfireOne representative will provide a detailed explanation.


Friendly Reminders

Scan at least Monthly

  • Vulnerabilities are discovered every day. Coalfire recommends that you run automated scans at least monthly, so you always have current vulnerability information for your hosts. This also lets those who complete ASV scans identify vulnerabilities on hosts sooner, leaving time to remediate before the end of the 90-day period.

Removal of SSL and early TLS

  • “SSL and early TLS have been removed as an example of strong cryptography in the PCI DSS. These protocols will no longer protect cardholder data – and can no longer be used as a security control after June 30, 2016 or June 20, 2018 for Merchants.” – PCI Council.
  • Even though the migration deadline for early TLS is June 30, 2018, a mitigation and migration plan is required to be in place now. As your ASV, Coalfire will not approve a dispute unless a migration and mitigation plan has been attested to.

CoalfireOne standard maintenance windows:

Every other Monday
4-6:30 PM PT

Every Thursday
12-3 PM PT