PCI Scope Assessments for Higher Education Institutions
July 13, 2015, Tyler Baker, Regional Sales Manager
With the release of PCI DSS version 3.0 and more recently 3.1, many Higher Education Institutions have found it hard to know which SAQ’s they should be filling out since there are now nine options. Higher Education Institutions have very complex merchant card environments and with the new requirements it is even harder to recognize what’s in scope. Tyler Baker interviews Dirk Anderson, the Vice President of Enterprise Risk & Compliance Platform at Coalfire, to get a deeper understanding of PCI Scope Assessment.
PCI DSS version 3.1 released!
April 15, 2015, Matt Getzelman, PCI Practice Director
As expected, a “minor” revision to the PCI DSS 3.0 standard (now version 3.1) was released by the PCI SSC today to address the vulnerabilities exposed by the POODLE and BEAST browser attacks. PCI DSS 3.1 primarily addresses the insecure use of SSL as an encryption protocol within a Cardholder Data Environment (CDE). In response, the SSC has updated PCI DSS requirements 2.2.3, 2.3 and 4.1 to remove any references that cite SSL 3.0 and early versions of TLS 1.0 as examples of strong cryptography.