Is your business using outdated SSL and TLS versions?
SSL and The PCI Security Standards Council (SSC) has announced that it is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher). The extended migration date is provided by the PCI SSC as of December 2015 and supersedes the original dates issued in both PCI DSS v3.1 and in the “Migrating from SSL and early TLS” Information Supplement in April 2015.
Informational Resources
The following PCI SSC resources provide additional, current information and answers to questions about new timelines, requirements and reasons for the adjustments:
- Bulletin: Outlines details on the newly announced extension to implement a secure transition to TLS 1.1 or higher.
- Webinar: Features insights and practical guidance from the PCI SSC, the National Institute of Standards and Technology (NIST) and members of the assessment community on making this important transition to protect your data and your customers.
- PCI SSC Information Supplement: Provides guidance on use of interim risk mitigation approaches, migration recommendations and alternative options for strong cryptographic protocols.
Is any of your business software running SSL 3.0 (or SSL 2.0)?
Find out what you need to do next.