Filter by Category

Are You Ready for the 2018 PCI DSS Deadlines?

PCI DSS 2018 deadlines

Sometime last year you achieved total compliance with PCI DSS, the information security standard for all organizations that process credit or debit cards. That means your data is safe, the auditors will leave you alone, and you can kick back and relax, right?

Unfortunately, hackers don’t take breaks. Their methods are constantly evolving, making it essential that you are compliant with the latest security standards. Fortunately, PCI DSS is designed to ensure that you know exactly what to do to stay ahead of new threats. Staying PCI DSS compliant also lets you avoid hefty fines.  

The latest version of PCI DSS is version 3.2, which was announced in April 2016. Hopefully you’ve already seen the new rules and are taking steps to improve your security. You should be aware that some major PCI DSS compliance deadlines are approaching in 2018.

Although PCI DSS 3.1 technically expired in October 2016, all new requirements in version 3.2 will be considered best practices until 2018, when they’ll become mandatory. Here are some of the most important changes:

 

Multi-Factor Authentication (Best Practice Now, Mandatory February 2018)

PCI DSS version 3.1 called for two-factor authentication. Don’t worry about the name change to multi-factor authentication—it’s just to clarify that more than two types of authentication are possible. The more important update is that the requirement is expanded to include all individual non-console administrative access as well as all remote access to the cardholder environment (CDE).

That means that for any potential CDE access points, including through tools like your managed file transfer solution, you need to have multi-factor authentication either at the network or the system level.

 

TLS 1.1 or Above (Best Practice Now, Mandatory June 2018)

SSL and its immediate successor, TLS 1.0, are no longer considered strong encryption methods. Originally, the new PCI DSS requirement mandated that every organization migrate to TLS 1.1 and above (ideally TLS 1.2) by June 2016. This deadline was later pushed out to June 2018.

However, if you’re using SSL or early TLS, you should know that you’re not using current security best practices. We recommend that you move your file transfers to a stronger encryption method as soon as possible.

 

PCI DSS 3.2Get the Full Scoop

In order to help you fully understand the changes to PCI DSS 3.2, especially how they relate to managed file transfer, we’ve created a new whitepaper. Download it to learn:

  • Who needs to comply with PCI DSS 3.2
  • What has changed since version 3.1
  • How PCI DSS compliance affects your file transfer processes and solutions

Get the Whitepaper

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Getting the Most Out of Your GoAnywhere MFT Trial

August 14, 2018

We know it’s crucial to get a solution up and running quickly during your evaluation period. You want to know if it works, what the benefits are, and how it will impact or improve your business…


Six Signs Your Organization Needs MFT Software

August 7, 2018

As organizations increase the amount of data they transfer between users, employees, and trading partners; cybersecurity and IT teams race to keep up. One wrong move, like the lack of file…


Monitor Your GoAnywhere Analytics with HelpSystems Insite

July 26, 2018

With a brand new release of HelpSystems Insite, GoAnywhere MFT administrators can now view key GoAnywhere analytics from Insite’s single-pane-of-glass interface. This integration allows admins…


What Do Industry Professionals Think of Cloud Security? Get the 2018 Guide

June 18, 2018

Whether you’re considering a public cloud deployment or already exist in some form of hybrid environment, you’re probably trying to keep a pulse on the ever-evolving topic of cloud…


Introducing GoAnywhere MFT 5.7: New Cloud Integrations and Other Features

June 15, 2018

The latest version of our secure managed file transfer solution is live! Today GoAnywhere MFT 5.7 released with a variety of new features and updates, including brand-new Cloud Connectors,…