Filter by Category

Are You Ready for the 2018 PCI DSS Deadlines?

PCI DSS 2018 deadlines

Sometime last year you achieved total compliance with PCI DSS, the information security standard for all organizations that process credit or debit cards. That means your data is safe, the auditors will leave you alone, and you can kick back and relax, right?

Unfortunately, hackers don’t take breaks. Their methods are constantly evolving, making it essential that you are compliant with the latest security standards. Fortunately, PCI DSS is designed to ensure that you know exactly what to do to stay ahead of new threats. Staying PCI DSS compliant also lets you avoid hefty fines.  

The latest version of PCI DSS is version 3.2, which was announced in April 2016. Hopefully you’ve already seen the new rules and are taking steps to improve your security. You should be aware that some major PCI DSS compliance deadlines are approaching in 2018.

Although PCI DSS 3.1 technically expired in October 2016, all new requirements in version 3.2 will be considered best practices until 2018, when they’ll become mandatory. Here are some of the most important changes:

 

Multi-Factor Authentication (Best Practice Now, Mandatory February 2018)

PCI DSS version 3.1 called for two-factor authentication. Don’t worry about the name change to multi-factor authentication—it’s just to clarify that more than two types of authentication are possible. The more important update is that the requirement is expanded to include all individual non-console administrative access as well as all remote access to the cardholder environment (CDE).

That means that for any potential CDE access points, including through tools like your managed file transfer solution, you need to have multi-factor authentication either at the network or the system level.

 

TLS 1.1 or Above (Best Practice Now, Mandatory June 2018)

SSL and its immediate successor, TLS 1.0, are no longer considered strong encryption methods. Originally, the new PCI DSS requirement mandated that every organization migrate to TLS 1.1 and above (ideally TLS 1.2) by June 2016. This deadline was later pushed out to June 2018.

However, if you’re using SSL or early TLS, you should know that you’re not using current security best practices. We recommend that you move your file transfers to a stronger encryption method as soon as possible.

 

PCI DSS 3.2Get the Full Scoop

In order to help you fully understand the changes to PCI DSS 3.2, especially how they relate to managed file transfer, we’ve created a new whitepaper. Download it to learn:

  • Who needs to comply with PCI DSS 3.2
  • What has changed since version 3.1
  • How PCI DSS compliance affects your file transfer processes and solutions

Get the Whitepaper

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Tradeshow Recap: Exploring Cloud File Transfer at Red Hat Summit 2018

May 21, 2018

Last week marked the first year for GoAnywhere as an exhibitor at Red Hat Summit in San Francisco. The three-day conference was a whirlwind of activity, great conversations, and opportunities to…


3 Reasons to Attend VMUG's June 7 Virtual Event

May 17, 2018

Whether you’re already using VMware to manage multiple virtual machines in one console, or you’re just getting started with datacenter virtualization, staying on top of trends, changes,…


GoAnywhere MFT Not Affected by EFAIL Vulnerabilities

May 16, 2018

Ashland, NE, May 16, 2018  In light of the recent OpenPGP & S/MIME warning (EFAIL), GoAnywhere has performed a software security review of its managed file transfer solution to ensure…


Need Help with GDPR Compliance? 3 Simple Steps to Take Now

May 14, 2018

Do you need help preparing for the General Data Protection Regulation (GDPR) deadline on May 25, 2018? If you’re like 67% of IT and security professionals we recently surveyed, you may be well…


3 Cybersecurity Takeaways from RSA Conference 2018

May 8, 2018

The speed and intensity of cyberattacks are growing, and cyber siege is no joke. But the 45,000+ attendees who attended this year’s RSA Conference in San Francisco proved the force of…