Report from the PCI SSC North American Community Meeting
Joseph Tinucci, Senior Director, Managed Services
The Payment Card Industry Security Standards Council held its 2015 North American Community Meeting this year in Vancouver, BC, from September 29 to October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at the event (Point-to-Point Encryption and Securing Virtual Payments). Since I was also there, and I am a guest blogger for the Treasury Institute for Higher Education’s PCI DSS blog, I posted about the PCI DSS trends that I observed at the meeting.
PCI Scope Assessments for Higher Education Institutions
Tyler Baker, Regional Sales Manager
With the release of PCI DSS version 3.0 and, more recently, 3.1, many Higher Education Institutions have found it hard to know which SAQs they should be filling out, since there are now nine options. Higher Education Institutions have very complex merchant card environments, and with the new requirements it is even harder to recognize what’s in scope. Tyler Baker interviews Dirk Anderson, the Vice President of Enterprise Risk & Compliance Platform at Coalfire, to get a deeper understanding of PCI Scope Assessment.
PCI DSS version 3.1 released!
Matt Getzelman, PCI Practice Director
As expected, a “minor” revision to the PCI DSS 3.0 standard (now version 3.1) was released by the PCI SSC today to address the vulnerabilities exposed by the POODLE and BEAST browser attacks. PCI DSS 3.1 primarily addresses the insecure use of SSL as an encryption protocol within a Cardholder Data Environment (CDE). In response, the SSC has updated PCI DSS requirements 2.2.3, 2.3 and 4.1 to remove any references that cite SSL 3.0 and early versions of TLS 1.0 as examples of strong cryptography.