PCI DSS Changes to Supported Security Protocols

Do you run a website? Is your organisation required or meet or have you opted to voluntarily meet the requirements of PCI DSS or do you just like to keep up with good security practices?

Starting on 30th June 2018, the PCI Security Standard Council (PCI SSC) has given organisations who must comply with PCI requirements until this date to move away from insecure web security standards. This means that if your organisation is running a website or have any web-based services which use a secure connection, they must use the TLS 1.1 or above protocols; the web service must reject connections over SSL 3.0 and TLS 1.0 protocols. There is a handy PDF guide at https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Migrating_from_SSL_and_Early_TLS_Resource_Guide.pdf.

For most websites and web services, this is a simple change to implement, however, some platforms will not allow you to make this change and some application development languages may not even support these newer versions.

For big businesses, they may have teams dedicated to managing these requirements but for small organisations or start-up businesses offering online web fronts and check-out shopping services, you may not. Why not get in touch with us about consulting and we can help you investigate whether you can simply make this change or whether there is more work in store to get yourselves ready for the change. Now may even be a good time to take a look at modernisation such as Azure Web Apps for your website.