PCI - Deadlines Coming Soon
New post on PCI Guru
Deadlines Coming Soon by PCIGuru
A good reminder that there are a number of deadlines coming in January 2018.
PCI Requirement Changes Coming in 2018
As of February 1, 2018, the following will become requirements for all organizations complying with the PCI DSS.
PCIGuru | December 8, 2017 at 10:05 AM | Categories: Uncategorized | URL: https://wp.me/pr1tr-xJ
8.3.1 – Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access.
"This change should be self-explanatory but we still are getting questions about it. This requirement change is mandating that all non-console administrative access to systems/devices in the cardholder data environment (CDE) requires some form of multi-factor authentication (MFA). What this requirement mandates is MFA for all administrators of CDE systems/devices.
Where we continue to get questions is the difference between 8.3.1 and 8.3.2 which requires MFA for remote access. For an administrator that is on the internal network, requirement 8.3.1 means they will need to use MFA to gain administrative access to any CDE system or device. If that same administrator is working from home, 8.3.1 means that they will have to use MFA to get connected to the internal network and then use MFA again to gain administrative access to any CDE system or device. The same MFA solution can be employed, but that will mean that time delays between the remote connection and the CDE connection will have to be implemented to ensure that MFA factors are not reused.
The rationale behind this change is to minimize all of the breaches that have occurred due to spear phishing of administrators."
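The factor-reuse point above, as an added example that is not from the original post: a minimal TOTP (RFC 6238) verifier, assumed to be shared by the remote-access gateway and the CDE admin login, that refuses a code from a time step it has already accepted, so the second login has to wait for the next code. The user name, secret and timestamp are constructed, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class MfaVerifier:
    """Assumed setup: one verifier backs both the remote-access and CDE logins."""

    def __init__(self, secrets):
        self.secrets = secrets   # user -> shared TOTP secret
        self.last_step = {}      # user -> newest time step already consumed

    def verify(self, user: str, code: str, now: int) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        step = now // STEP
        # A code from a step that was already accepted is a replay,
        # even when the digits are correct.
        if step <= self.last_step.get(user, -1):
            return False
        # Only the current step is accepted here (no clock-drift window).
        if not hmac.compare_digest(totp(secret, now), code):
            return False
        self.last_step[user] = step
        return True

def demo():
    secret = b"constructed-demo-secret"   # constructed sample secret
    verifier = MfaVerifier({"admin1": secret})
    t0 = 1512745500                       # constructed timestamp on a step boundary
    code = totp(secret, t0)
    remote = verifier.verify("admin1", code, t0)          # remote-access login
    cde_same = verifier.verify("admin1", code, t0 + 10)   # same code at the CDE
    cde_next = verifier.verify("admin1", totp(secret, t0 + STEP), t0 + STEP)
    return remote, cde_same, cde_next

if __name__ == "__main__":
    print(demo())
```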