Meeting the TLS requirements in PCI DSS

  PCI DSS v3.2 is due to be released today. One widely anticipated clarification in the new PCI DSS standard is in the requirements for TLS for web site (and services, and SMTP, and …) encryption. This is to undo the mess of unclear leadership that occurred with a deadline set in the v3.1 standard…

HOSTS files and PCI DSS

Can the use of a HOSTS file on clients be compatible with PCI DSS without further controls being in place? Situation: Consider the situation in which an administrator changes the hosts file on an end-user machine to point to a copy of the targeted server, such that the logins are recorded. Where this target server is…