Quote:

---

PCI SSC made an update to reflect the fact that all non-console administrative access now requires MFA, with one-time passwords serving as an effective alternate control in these scenarios.

---

Quote:

---

It also updated the Standard’s requirements and Appendix A2 to limit the use of Secure Sockets Layer (SSL)/early-Transport Layer Security (TLS) to only point-of-sale point-of-interaction (POS POI) terminals and their service provider connection points after 30 June 2018.

---