Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on 30 June 2015, and firms are warned not to use SSL or early TLS to secure payment data in any new projects. PCI DSS 3.1 was introduced back in April as a response to major security flaws discovered in open source SSL, including Heartbleed, Shellshock and POODLE. Firms have a grace period until 30 June 2016 in which to implement v3.1 compliance, but from today they will not be able to roll out any new systems that use SSL or early versions of TLS. The update means online merchants will have to switch off SSL in web servers and support the latest version of the Transport Layer Security protocol. Last year the US National Institute of Standards and Technology told all government agencies to upgrade to TLS 1.2 as standard.
Help Net Security
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street