Meeting the TLS requirements in PCI DSS

PCI DSS v3.2 is due to be released today. One widely anticipated clarification in the new PCI DSS standard is in the requirements for TLS for web site (and services, and SMTP, and …) encryption. This is to undo the mess of unclear leadership that occurred with a deadline set in the v3.1 standard…

HOSTS files and PCI DSS

How can one use a HOSTS file within a DSS-compliant ecosystem? Situation: Consider the situation that an administrator changes the hosts file on an end user machine to point to a copy of the targeted server, such that the logins are recorded. Where this target server is part of the organisation’s service, the theft…