As of February 1, 2018: Required https://pcigu
https://pciguru.wordpress.com/2017/12/08/dead...ming-soon/
Q4 2017 QSA Update
PCI Requirement Changes Coming in 2018
As of February 1, 2018, the following will become requirements for all organizations complying with the PCI DSS.
The vast majority of large retailers have or are in the process of implementing P2PE/E2EE solutions with tokenization.
Those implementations that are in process will likely be done by the end of 2017.
The end of 2017 is quickly approaching, and we thought we should remind you of the PCI requirement changes that are coming next year. Some of these deadlines will go into effect at the end of January, so if you are not on top of these you had better get moving.
8.3.1 – Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access.
This change should be self-explanatory but we still are getting questions about it. This requirement change is mandating that all non-console administrative access to systems/devices in the cardholder data environment (CDE) requires some form of multi-factor authentication (MFA). What this requirement mandates is MFA for all administrators of CDE systems/devices.
Where we continue to get questions is the difference between 8.3.1 and 8.3.2 which requires MFA for remote access. For an administrator that is on the internal network, requirement 8.3.1 means they will need to use MFA to gain administrative access to any CDE system or device. If that same administrator is working from home, 8.3.1 means that they will have to use MFA to get connected to the internal network and then use MFA again to gain administrative access to any CDE system or device. The same MFA solution can be employed, but that will mean that time delays between the remote connection and the CDE connection will have to be implemented to ensure that MFA factors are not reused.
The rationale behind this change is to minimize all of the breaches that have occurred due to spear phishing of administrators.
In addition to these two changes, the following changes are specific only to service providers.
Never argue with stupid people, they will drag you down to their level and then beat you with experience.
Get .... PrivacyLok https://cyberidguard.com/
Try SafeVchat: https://cyberidguard.com/
My comments are only my opinion and are not to be used for investment advice.
Please conduct your own due diligence before choosing to buy or sell any stock.
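The point above about one MFA solution serving both the remote connection and the CDE connection, as an added example that is not part of the original post or the quoted article: a single verifier that refuses a one-time code it has already accepted, which is why the second login has to wait for a fresh code. It assumes TOTP (RFC 6238) as the factor, which the post does not specify; the checkpoint names, user name, secret and timestamp are constructed for illustration, and clock-drift tolerance is left out.

```python
import hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, t: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    counter = struct.pack(">Q", t // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class SharedMfaVerifier:
    """One verifier backing both checkpoints (hypothetical names:
    'remote-access' and 'cde-admin'). It remembers the last time step
    accepted per user, so a code is good for exactly one login."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.last_step = {}   # user -> last accepted time step
        self.audit = []       # (time, user, checkpoint, result) for review

    def verify(self, user, code, checkpoint, now):
        step = now // STEP
        secret = self.secrets.get(user)
        ok = secret is not None and hmac.compare_digest(totp(secret, now), code)
        if ok and self.last_step.get(user, -1) >= step:
            result = "rejected: code already used"
        elif ok:
            self.last_step[user] = step
            result = "accepted"
        else:
            result = "rejected: bad code"
        self.audit.append((now, user, checkpoint, result))
        return result == "accepted"

def demo():
    secret = b"constructed-demo-secret"   # constructed sample secret
    v = SharedMfaVerifier({"admin1": secret})
    t0 = 1_517_443_200                    # constructed: 2018-02-01 00:00:00 UTC
    code = totp(secret, t0)
    return [
        v.verify("admin1", code, "remote-access", t0),                    # first use
        v.verify("admin1", code, "cde-admin", t0 + 10),                   # same code again
        v.verify("admin1", totp(secret, t0 + 30), "cde-admin", t0 + 30),  # fresh code
    ]
```

The `audit` list records each decision with its checkpoint, so a reviewer can confirm that the CDE login was authenticated with a different code from the remote-access login.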